(N 



43 



One-way permutations, computational asymmetry and distortion 

Jean-Camille Birget * 
February 5, 2008 

O 

o 

' Abstract 
Oh. 

Computational asymmetry, i.e., the discrepancy between the complexity of transformations 
and the complexity of their inverses, is at the core of one-way transformations. We introduce a 
computational asymmetry function that measures the amount of one-wayness of permutations. We 
also introduce the word-length asymmetry function for groups, which is an algebraic analogue of 
computational asymmetry. We relate boolean circuits to words in a Thompson monoid, over a 
Ph fixed generating set, in such a way that circuit size is equal to word-length. Moreover, boolean 

circuits have a representation in terms of elements of a Thompson group, in such a way that circuit 
size is polynomially equivalent to word-length. We show that circuits built with gates that are 
not constrained to have fixed-length inputs and outputs, are at most quadratically more compact 
than circuits built from traditional gates (with fixed-length inputs and outputs). Finally, we show 
that the computational asymmetry function is closely related to certain distortion functions: The 
computational asymmetry function is polynomially equivalent to the distortion of the path length 
in Schreier graphs of certain Thompson groups, compared to the path length in Cayley graphs of 
' certain Thompson monoids. We also show that the results of Razborov and others on monotone 

as : circuit complexity lead to exponential lower bounds on certain distortions. 

in 

1 Introduction 

The existence of one-way functions, i.e., functions that are "easy to evaluate" but "hard to invert", 
is a major open problem. Much of cryptography depends on one-way functions; moreover, indirectly, 
their existence is connected to the question whether P is different from NP. In this paper we give some 
connections between these questions and some group-theoretic concepts: 

(1) We continue the work of [7], [8], and [9], on the relation between combinational circuits, on the one 
hand, and Thompson groups and monoids on the other hand. We give a representation of any circuit 
by a word over the Thompson group, such that circuit size is polynomially equivalent to word-length. 

(2) We establish connections between the existence of one-way permutations and the distortion func- 
tion in a certain Thompson group. Distortion is an important concept in metric spaces (e.g., Bourgain 
[10J) and in combinatorial group theory (e.g., Gromov [17j . Farb 



Overview: 

Subsections 1.1 - 1.6 of the present Section define and motivate the concepts used: One-way functions 
and one-way permutations; computational asymmetry; word-length asymmetry; reversible computing; 
distortion; Thompson groups and monoids. In Section 2 we show that circuits can be represented by 
elements of Thompson monoids: A boolean circuit is equivalent to a word over a fixed generating set 
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of a Thompson monoid, with circuit size being equal (or linearly equivalent) to word-length over the 
generating set. The Thompson monoids that appear here are monoid generalizations of the Thompson 
group G21, obtained when bijections are generalized to partial functions [D|. Section 3 shows that 
computational asymmetry and word-length asymmetry (for the Thompson groups and monoids) are 
linearly related. In Section 4 we give a representation of arbitrary (not necessarily bijective) circuits 
by elements of the Thompson group G^i; circuit size is polynomially equivalent to word-length over 
a certain generating set in the Thompson group. In Section 5 we show that the computational 
asymmetry function of permutations is polynomially related to a certain distortion in a Thompson 
group. Section 6 contains miscellaneous results, in particular that the work of Razborov and others 
on monotone circuit complexity leads to exponential lower bounds on certain distortion functions. 

1.1 One-way functions and one-way permutations 

Intuitively, a one-way function is a function / (mapping words to words, over a finite alphabet), such 
that / is "easy to evaluate" (i.e., given xo in the domain, it is "easy" to compute /(xo))> but "hard 
to invert" (i.e., given uq in the range, it is "hard" to find any xo such that /(xo) = Vo)- The concept 
was introduced by Diffie and Hellman |13j . 

There are many ways of defining the words "easy" and "hard" , and accordingly there exist many 
different rigorous notions of a one-way function, all corresponding to a similar intuition. It remains 
an open problem whether one-way functions exist, for any "reasonable" definition. Moreover, for 
certain definitional choices, this problem is a generalization of the famous question whether P 7^ NP 

pi Gaum. 

We will base our one-way functions on combinational circuits and their size. The size of a circuit 
will also be called its complexity. Below, {0, l} n (for any integer n > 0) denotes the set of all bitstrings 
of length n. A combinational circuit with input-output function / : {0, l} m — > {0, 1}™ is an acyclic 
boolean circuit with m input wires (or "input ports") and n output wires (or "output ports"). The 
circuit is made from gates of type not, and, or, fork, as well as wire-crossings or wire-swappings. These 
gates are very traditional and are defined as follows. 

and: {x\,x%) G {0, l} 2 1 — ► y G {0, 1}, where y = 1 if x± = xi = 1, and y = otherwise. 

or: (xi, X2) G {0, l} 2 1 — > y G {0, 1}, where y = if x\ = X2 = 0, and y = 1 otherwise. 

not: x G {0, 1} 1 — ► y G {0, 1}, where y = 0ifx=l,y=l otherwise. 

fork: x G {0, 1} 1 — ► (x, x) G {0, l} 2 . 

Another gate that is often used is the exclusive-or gate, 

xor: (xi, X2) G {0, l} 2 1 — ► y G {0, 1}, where y = 1 if x\ ^ x%, and y = otherwise. 

The wire-swapping of the ith and jth wire (i < j) is described by the bit transposition (or bit position 
transposition) 

Tij : uxiVXjW G {0, 1} 1 — > uXjVXiiv G {0, where \u\ = i — 1, \v\ = j — i — 1, \w\ = I — j — 1. 

The fork and wire-swapping operations, although heavily used, are usually not explicitly called "gates" ; 
but because of their important role we will need to consider them explicitly. Other notations for the 
gates: and(xi, x%) = x\ A X2, or(xi, X2) = x\ V X2, not(x) = x, xor(xi, X2) = X\ © X2- 

A combinational circuit for a function / : {0, l} m — > {0, l} n is defined by an acyclic directed graph 
drawn in the plane (with crossing of edges allowed). In the circuit drawing, the m input ports are 
vertices lined up in a vertical column on the left end of the circuit, and the n output ports are vertices 
lined up in a vertical column on the right end of the circuit. The input and output ports and the gates 
of the circuit (including the fork gates, but not the wire transpositions) form the vertices of the circuit 
graph. We often view the circuit as cut into vertical slices. A slice can be any collection of gates and 
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wires in the circuit such that no gate in a slice is an ancestor of another gate in the same slice, and 
no wire in a slice is an ancestor of another wire in the same slice (unless these two wires are an input 
wire and an output wire of a same gate). Two slices do not overlap, and every wire and every gate 
belongs to some slice. For more details on combinational circuits, see [32 } I43 |, fTTj . 

The size of a combinational circuit is defined to be the number of gates in the circuit, including 
forks and wire-swappings, as well as the input ports and the output ports. For a function / : {0, l} m — ► 
{0,1}™, the circuit complexity (denoted C(f)) is the smallest size of any combinational circuit with 
input-output function /. 

A cause of confusion about gates in a circuit is that gates of a certain type (e.g., and) are tradi- 
tionally considered the same, no matter where they occur in the circuit. However, gates applied to 
different wires in a circuit are different functions; e.g., for the and gate, (xi,X2,x^) ^ [x\ /\X2-,x^) is 
a different function than {x\, X2, £3) > (x%,X2 A X3). 

1.2 Computational Asymmetry 

Computational asymmetry is the core property of one-way functions. Below we will define computa- 
tional asymmetry in a quantitative way, and in a later Section we will relate it to the group-theoretic 
notion of distortion. 

For the existence of one-way functions, it is mainly the relation between the circuit complexity 
C(f) of / and the circuit complexity C(f~ 1 ) of f~ 1 that matters, not the complexities of / and of 
/ _1 themselves. Indeed, a classical padding argument can be used: If we add C(f) "identity wires" to 
a circuit for /, then the resulting circuit has linear size as a function of its number of input wires; see 
Proposition 11.21 below. (An identity wire is a wire that goes directly from an input port to an output 
port, without being connected to any gate.) 

In [IT] (page 230) Boppana and Lagarias considered log C(/')/log C(f) as a measure of one- 
wayness; here, /' denotes an inverse of /, i.e., any function such that / o f o / = /. Massey and 
Hiltgen [25^119] introduced the phrases complexity asymmetry and computational asymmetry for injec- 
tive functions, in reference to the situation where the circuit complexities C(f) and C(/ _1 ) are very 
different. The concept of computational asymmetry can be generalized to arbitrary (non-injective) 
functions, with the meaning that for every inverse /' of /, C(f) and C(f') are very different. 

In [25] Massey made the following observation. For any large-enough fixed m and for almost all 
permutations / of {0, l} m , the circuit complexities C(f) and C(f~ 1 ) are very similar: 

& c(f) < c{r l ) < 10 c(f) 

Massey's proof is adapted from the Shannon lower bound [35] and the Lupanov upper bound [23] (see 
also [19] ■ [32]), from which it follows that almost all functions and almost all permutations (and their 
inverses) have circuit complexity close to the Shannon bounds. Massey's observation can be extended 
to the set of all functions / : {0, l} m — ► {0, l} n , i.e., for almost all / and for every inverse /' of /, the 
complexities C(f) and C(f') are within constant factors of each other. 

Hence, computationally asymmetric permutations are rare among the boolean permutations overall 
(and similarly for functions). This is an interesting fact about computational asymmetry, but by 
itself it does not imply anything about the existence or non-existence of one-way functions, not even 
heuristically. Indeed, Massey proved his linear relation C(f) = 0(C(/')) in the situation where 
C(f) = ©(2 m ), and then uses the fact that the condition C(f) = G(2 m ) holds for almost all boolean 
permutations and for almost all boolean functions. But there also exist functions with C(f) = 0(m k ), 
with k a small constant. In particular, one-way functions (if they exist) have small circuits; by 
definition, one-way functions violate the condition C(f) = B(2 m ). 
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A well-known candidate for a one-way permutation is the following. For a large prime number p 
and a primitive root r modulo p, consider the map x G {0, 1, . . . , p— 2} i — ► r x — 1 G {0, 1, . . . , p— 2}. 
This is a permutation whose inverse, known as the discrete logarithm, is believed to be difficult to 
compute. 

Measuring computational asymmetry: 

Let S{o,i}m denote the set of all permutations of {0, l} m , i.e., G{o,i} m is the symmetric group. We 
will measure the computational asymmetry of all permutations of {0, l} m (for all m > 0) by defining 
a computational asymmetry function, as follows. A function a : N — > N is an upper bound on the 
computational asymmetry function iff for all all m > and all permutations / of {0, l} m we have: 
C(/ _1 ) < a (C(/))- The computational asymmetry function a of the boolean permutations is the 
least such function a(.). Hence: 

Definition 1.1 The computational asymmetry function a of the boolean permutations is defined as 
follows for all s G N : a(s) = max{C(/ _1 ) : C(f) < s, f G 6{o,i}™, m > 0}. 

Note that in this definition we look at all combinational circuits, for all permutations in IJm>o ®{o,i} m i 
we don't need to work with non-uniform or uniform families of circuits. 

Computational asymmetry is closely related to one-wayness, as the next proposition shows. 
Proposition 1.2 

(1) For infinitely many n we have: There exists a permutation f n of {0, l} n such that f n is computed 
by a circuit of size <3n, but f~ x has no circuit of size < a(n). 

(2) Suppose that a is exponential, i.e., there is k > 1 such that for all n, a(n) > k n . Then k < 2, 
and there is a constant c > 1 such that we have: For every integer n > 1 there exists a permutation 
Fn of {0, l} n which is computed by a circuit of size < cn, but F~ l has no circuit of size < k n . 

Proof. (1) By the definition of a, for every m > there exists a permutation F of {0, l} m such that 
F is computed by a circuit of some size Cf, but F^ 1 has no circuit of size < a(Cj?). Let n = Cf, 
and let us consider the function f n : {0, 1}^ — > {0, l} Cp defined by f n : (x,w) i — ► (F(x),w), for all 
x e {0, l} m and w G {0, l} c F~ m . 

Then f n (x,w) is computed by a circuit of size Cf + 2 (Cf — in); the term "2 (Cf — m)" comes 
from counting the input-output wires of w. Hence f n has a circuit of size < 3n. On the other hand, 
(y,w) i — > f~ 1 (y,w) = (F^ 1 (y),w) is not computed by any circuit of size < u(Cf), so f~ l has no 
circuit of size < a(n). 

(2) For every n > 1 there exists a permutation F of {0, l} n such that F is computed by a circuit of 
some size Cp, and F -1 has a circuit of size Cp-i = ol(Cf) > k Cp ; moreover, i 7-1 has no circuit of 
size < a(Cjr). Thus, kP F < C F -i < 2™ (1 + c Q ^p), for some constant c Q > 1; the latter inequality 
comes from the Lupanov upper bound [23] (or see Theorem 2.13.2 in [32]). Hence, k < 2 and n < 
Cf < j g fc n. + ci for some constant c\ > 0. Hence, for all n > 1 there exists a permutation i 7 

of {0, l} n with circuit size C F G [n, ■ n + c x • ^p], such that C F -i = a(C» > A; Cf > A; n . □ 

We will show later that the computational asymmetry function is closely related to the distortion 
of certain groups within certain monoids. 

Remarks: 

Although in this paper we only use the computational asymmetry function of the boolean permuta- 
tions, the concept can be generalized. Let lnj({0, l} m , {0, l} n ) denote the set of all injective functions 
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{0, l} m — > {0, l} n . The computational asymmetry function of the injective boolean functions is 
defined by 

a inj ( S ) = maxjCCr 1 ): C(f) < s, f £ lnj({0, l} m , {0, l} n ), m>0,n>0} 

More generally, let ({0, l}™)! ' 1 }" 1 denote the set of all functions {0, l} m — > {0, 1}™. The computa- 
tional asymmetry of all finite boolean functions is defined by 

ow(s) = max{C(/'): C(f) < s, //'/ = /, /, /' G ({0, l} n ) { °' ir , " > 0, m > 0} . 

When we compare functions we will be mostly interested in their asymptotic growth pattern. 
Hence we will often use the big-0 notation, and the following definitions. 

By definition, two functions fa : N — > N and fa : N — ► N are linearly equivalent iff there are 
constants co,c\,C2 > such that for all n > cq : fi(n) < c\ fa(cin) and fa(n) < c^fxic^n). 
Notation: fa ~ lin fa. 

Two functions fa and fa (from N to N) are called polynomially equivalent iff there are constants 
Co, ci,C2,d, e > such that for all n > cq : fi(n) < C\ fa{cin d ) d and fa{n) < C2 /i(c2n e ) e . Notation: 

fa -poly fa- 

1.3 Wordlength asymmetry 

We introduce an algebraic notion that looks very similar to computational asymmetry: 

Definition 1.3 Let G be a group, let M be a monoid with generating set T (finite or infinite), and 
suppose G C M. The word-length asymmetry function of G within M (over V) is 

A(n) = max{|5t~ 1 | r : Mr < n, g£G}. 

The word-length asymmetry function A depends on G, M, T, and the embedding of G in M. 

Consider the right Cayley graph of the monoid M with generating set T; its vertex set is M and 
the edges have the form x — ^ (for x £ M, 7 6 T). For x,y £ M, the directed distance d(x,y) 
in the Cayley graph is the shortest length over all paths from x to y in the Cayley graph; if no path 
from x to y exists, the directed distance is infinite. By "path" we always mean directed path. 

Lemma 1.4 Under the above conditions on G, M, T, we have for every g G G : <i(l,5 _1 ) = d(g, 1) 
and d(l,g) = d(g~ l , 1). 

Proof. Let 77 : T* —> M be the map that evaluates generator sequences in M. If v € T* is the label of 
a shortest path from 1 to g^ 1 in the Cayley graph then g-n{v) = 1 in M, hence n(v) = g~ l . Therefore, 
the path starting at g and labeled by v ends at 1; hence d(g,l) < \v\ = d(l,g~ l ). In a similar way 
one proves that d(l, g^ 1 ) < d(g, 1). The equality d(l,g) = d(g _1 , 1) is also proved in a similar way. 
□ 

Since Mr ^ s ^ ne distance d(l,g) in the graph of M, and since |<? -1 |r = ^(l,^ -1 ) = d(g, 1), the 
word-length asymmetry also measures the asymmetry of the directed distance, to or from the identity 
element 1 in the Cayley graph of M, restricted to vertices in the subgroup G. 

For distances to or from the identity element of M it does not matter whether we consider the left 
Caley graph or the right Caley graph. 
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1.4 Computational asymmetry and reversible computing 

Reversible computing deals with the following questions: If a function / is injective (or bijective) and 
computable, can / be computed in such a way that each elementary computation step is injective 
(respectively bijective)? And if such injective (or bijective) computations are possible, what is their 
complexity, compared to the usual (non-injective) complexity? 

One of the main results is the following (Bennett's theorem [H [5], and earlier work of Lecerf 
[22J): Let / be an injective function, and assume / and _f _1 are computable by deterministic Turing 
machines with time complexity ?/(.), respectively TV-i(.). Then / (and also f^ 1 ) is computable 
by a reversible Turing machine (in which every transition is deterministic and injective) with time 
complexity 0(Tf + Tf-i). Note that only injectiveness (not bijectiveness) is used here. 

Bennett's theorem has the following important consequence, which relates reversible computing 
to one-way functions: Injective one-way functions exist iff there exist injective functions that have 
efficient traditional algorithms but that do not have efficient reversible algorithms. 

Toffoli representation 

Remarkably, it is possible to "simulate" any function / : {0, l} m — ► {0, 1}™ (injective or not, one- 
way or not) by a bijective circuit; a circuit is called bijective iff the circuit is made from bijective 
gates. Here, bijective circuits will be built from the wire swapping operations and the following 
bijective gates: not (negation), c-not (the Controlled Not, also called "Feynman gate") defined by 
G {0, l} 2 i — > (xi, x\ © x 2 ) G {0, l} 2 , and cc-not (the Doubly Controlled Not, also called 
"Toffoli gate") defined by (x 1 ,x 2) x s ) G {0, l} 3 1 — > (xi, x 2 , (xi A x 2 ) © 23) G {0, l} 3 . 

Theorem 1.5 (Toffoli [40]). For every boolean function f : {0, l} m — * {0, l} n there exists a bijective 
boolean circuit /3f (over the bijective gates not, c-not, cc-not, and wire transpositions), with input- 
output function (3 f :x0 n G{0,l} m+n 1 — ► f(x)x G{0, l} n+m . 

In other words, f{x) consists of the projection onto the first n bits of f3f(x0 n ); equivalently, /(.) = 
proj n o f3j o concato«(.), where proj n projects a string of length n + mto the first n bits, and concato« 
concatenates n to the right of a string. See Theorems 4.1, 5.3 and 5.4 of [40], and see Fig. 1 below. 
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Fig. 1: Toffoli representation of the function /. 

The Toffoli representation contains two non-bijective actions: The projection at the output, and 
the forced setting of the value of some of the input wires. 

Toffoli's proofs and constructions are based on truth tables, and he does not prove anything about 
the circuit size of (3f (counting the bijective gates), compared to the circuit size of /. The following 



6 



gives a polynomial bound on the size of the bijective circuit, at the expense of a large number of input- 
and output- wires. 

Theorem 1.6 (E. Fredkin, T. Toffoli [IS]). For every boolean function f : {0, l} m — ► {0,1}™ with 
circuit size C(f) there exists a bijective boolean circuit Bf (over a bounded collection of bijective gates, 
e.g., not, c-not, cc-not ; and wire transpositions), with input- output function 

B f : X n+C ^ G {0, \}^+n+C(f) f( x ) z ( x j G | Q) ^m+n+CU) 

for some z{x) G {0, l} m+c (/). 

If g : {0, l} m — > {0, l} m is a permutation then there exists a bijective boolean circuit U g (over 
bijective gates), with input- output function 

U g : x l m m+c G {0, l} 3m + c i — ► g(x) gjxj x C G {0, l} 3m + c 
where C = max{C(g r ), C(g~ 1 )}, and g(x) is the bitwise complement of g{x). 

Later we will introduce another reversible representation of boolean functions by bijective gates; 
we will need only one 0-wire, but the gates will be taken from the Thompson group G21, i.e., we will 
also use non-length-preserving transformations of bitstrings (Theorems 14.11 and 14.21 below). 

1.5 Distortion 

We will prove later (Theorem 15. 10|) that computational asymmetry has a lot to do with distortion, 
a concept introduced into group theory by Gromov [T7] and Farb [13]. Distortion is already known 
to have connections with isoperimetric functions (see [28], [29], |24|). A somewhat different problem 
about distortion (for finite metric spaces) was tackled by Bourgain [10] . 

We will use a slightly more general notion of distortion, based on (possibly directed) countably 
infinite rooted graphs, and their (directed) path metric. 

A weighted directed graph is a structure (V, E, u) where V is a set (called the vertex set) , E C V x V 
(called the edge set), and uj : E 1 — ► IR>o is a function (called the weight function); note that every edge 
has a strictly positive weight. It is sometimes convenient to define u(u, v) = 00 when (u, v) G VxV—E. 
A path in (V,E) is a sequence of edges (ui,Vi) (1 < i < n) such that Ui + \ = V{ for all i < n, and 
such that all elements in {uj : 1 < i < n} U {v n } are distinct; u\ is called the start vertex of this 
path, and v n is called the end vertex of this path; the sum of weights ^2^ = i w(ui, «j) over the edges 
in the path is called the length of the path. Here we do not consider any paths with infinitely many 
edges; but we allow V and E to be countably infinite. A vertex u>2 is said to be reachable from a 
vertex w\ in (V, E) iff there exists a path with start vertex w\ and end vertex 102- If W2 is reachable 
from w\ then the minimum length over all paths from w\ to W2 is called the directed distance from 
w\ to u>2, denoted d{w\,W2)\ since we only consider finite paths here, this minimum exists. If W2 is 
not reachable from w\ then we define d{w\,W2) to be 00. Clearly we have w\ = W2 iff d(wi,W2) = 0, 
and for all u,v,w G V, d(u,w) < d(u,v) + d(v,w). In a directed graph, the function d(., .) need not 
be symmetric. The function d : V x V — > M>o U {00} is called the directed path metric of (V, E,u>). A 
rooted directed weighted graph is a structure (V, E, uj, r) where (V, E, oj) is a directed weighted graph, 
r G V, and all vertices in V are reachable from r. 

A set M with a function d : M x M — * M>o U {00}, satisfying the two axioms w\ = W2 iff 
d{w\,W2) = 0, and d(u,w) < d(u,v) +d(v,w), will be called directed metric space (a.k.a. quasi-metric 
space) . 

Any subset G embedded in a directed metric space M becomes a directed metric space by using 
the directed distance of M. We call this the directed distance on G inherited from M. 
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If G C V for a rooted directed weighted graph (V, E, u, r), we consider the function £ : g E G i — ► 
d(r,g) E M>o, which we call the directed length function on G inherited from (V,E,uj,r). (The value 
oo will not appear here since all of G is reachable from r.) 

We now define distortion in a very general way. Intuitively, distortion in a set is a quantitative 
comparison between two (directed) length functions that are defined on the same set. 

Definition 1.7 Let G be a set, and let l\ and £2 be two functions G — > M>o- The distortion of £1 

with respect to £2 is the function 6i lt £ 2 : M>o — > M>o defined by 

Sei,e 2 ( n ) = max{^i(5f) : g G G, £ 2 (g) < n}. 

We will also use the notation 5[£i,£2](-) for 5g 1 / 2 (.). When we consider a distortion 5e lj e 2 (.) we often 
assume that £2 < £\ or ^2 < O(^i); this insures that the distortion is at least linear, i.e., bn x ^ 2 {n) > cn, 
for some constant c > 0. We will only deal with functions obtained from the lengths of finite paths 
in countable directed graphs, so in that case the functions £{ are discrete, and the distortion function 
exists. The next Lemma generalizes the distortion result of Prop. 4.2 of |14j . 

Lemma 1.8 Let G be a set and consider three functions £3,£2,£i '■ G —* M>o such that £\{.) > ^2(-) > 
£ 3 {.)- Then the corresponding distortions satisfy: <V,i 3 (-) < <%^ 2 o 5n 2 ^ 3 {.). 

Proof. The inequalities £\{.) > £2(0 > £?>{■) guarantee that the three distortions #4,4, o~i!,e 2 , and 
o~l 2> l 3 are at least as large as the identity map. By definition, 

s £i& ($h,h ( n )) = max{£i(x) : x £ G, £ 2 (x) < 5i 2) £ 3 (n)} 

= max{^i(x) : x £ G, £ 2 (x) < max{^ 2 (-z) : z e G, £ 3 (z) < n}} 

= max{4(x) : x e G, (3z e G)(l 2 {x) < £ 2 (z) and £ 3 (z) < n)} 

> max{^i(x) : x G G, £z{x) <n} = 8g, lt i 3 (n). 

The last inequality follows from the fact that if £^{x) < n then for some z (e.g., for z = x): 

k{x) < £ 2 {z) and £ 3 (z) < n. □ 

Examples of distortion: 

Distortion and asymmetry are unifying concepts that apply to many fields. 

1. Gromov distortion: Let G be a subgroup of a group H, with generating sets Tq, respectively 
Th, such that Tq ^ and such that Tq = T^ 1 and Th = r# ■ This determines a Cayley graph 
for G and a Cayley graph for H. Now we have two distance functions on G, one obtained from the 
Cayley graph of G itself (based on Tq), and the other inherited from the embedding of G in H. See 

P3, ma, and du. 

The Gromov distortion function is a natural measure of the difficulty of the generalized word 
problem. A very important case is when both Tq and Th are finite. Here are some results for that 
case: 

Theorem of Ol'shanskii and Sapir [29] (making precise and proving the outline on pp. 66-67 in [17j): 
All Dehn functions of finitely presented groups (and "approximately all" time complexity functions of 
nondeterministic Turing machines) are Gromov distortion functions of finitely generated subgroups 
of FG2XFG2; here, FG2 denotes the 2-generated free group. Moreover, in [6] it was proved that 
FG2XFG2 is embeddable with linear distortion in the Thompson group G 2) i- So the theorem of 
Ol'shanskii and Sapir also holds for the finitely generated subgroups of G^i. 
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Actually, Gromov [T7] and Bourgain [TO] defined the distortion to be ^ -max{|<7|r G \g\r H < n, g £ 
G}, i.e., they use an extra factor ^. However, the connections between distortion, the generalized word 
problem, and complexity (as we just saw, and will further see in the present paper) are more direct 
without the factor -. 

n 

2. Bourgain's distortion theorem: Given a finite metric space G with n elements, the aim is to 
find embeddings of G into a finite-dimensional euclidean space. The two distances of G are its given 
distance and the inherited euclidean distance. In this problem the goal is to have small distortion, 
as a function of the cardinality of G, while also keeping the dimension of the euclidean space small. 
Bourgain [TO] found a bound 0{n log n) for the distortion (or "O(logn)" in Bourgain's and Gromov's 
terminology). This is an important result. See also [21], [2], [3]. 

3. Generator distortion: A variant of Gromov's distortion is obtained when G = H, but Tq ^ Th- 
So here we look at the distorting effect of a change of generators in a given group. When Tq and 
Th are both finite the generator distortion is linear; however, when Tq is finite and Th is infinite 
the distortion becomes interesting. E.g., for the Thompson group G^i let us take Tq to be any finite 
generating set, and for Th let us take Tq U {Tjj : 1 < i < j}; here T{j is the position transposition 
defined earlier. Then the generator distortion is exponential (see |7J). Also, the word problem of G21 
over any finite generating set Tq is in P, but the word problem of G^i over Tq U {tj : 1 < i < j} is 
coNP-complete (see [7] and [8]). 

4. Monoids and directed distance: Gromov's distortion and the generator distortion can be 
generalized to monoids. We repeat what we said about Gromov distortion, but G and H are now 
monoids, and Tq, respectively Th, are monoid generating sets which are used to define monoid Cayley 
graphs. We will use the left Cayley graphs. We assume re C Th- In each Cayley graph there is 
a directed distance, defined by the lengths of directed paths. The monoid G now has two directed 
distance functions, the distance in the Cayley graph of G itself, and the directed distance that G inherits 
from its embedding into the Cayley graph of H. We denote the word-length of g G G over Tq by |<?|g> 
this is the minimum length of all words over Tq that represent g; it is also the length of a shortest 
path from the identity to g in the Cayley graph of G. Similarly, we denote the word-length of h G H 
over Th by \h\n- The definition of the distortion becomes: 5{n) = m.ax.{\g\G '■ g G G, \g\n < n}. 

5. Schreier graphs: Let G, H, and F be groups, where F is a subgroup of H. Let Th be a 

generating set of Th, and assume Th = TJ^. We can define the Schreier left coset graph of H/F 
over the generating set Th, and the distance function cIh/f(-,-) i n this coset graph. By definition, 
this Schreier graph has vertex set H/F (i.e., the left cosets, of the form h ■ F with h G H), and it has 

directed edges of the form h ■ F — ► 75 • F, for h G H, 7 G Th- The graph is symmetric; for every 

7 -i 

edge as above there is an opposite edge 7/1 • F — ► h ■ F. Because of symmetry the Schreier graph has 
a (symmetric) distance function based on path length, djj/p(., .) : H/F x H/F — > N. 

Next, assume that G is embedded into H/F by some injective function G H/F. Such an 
embedding happens, e.g., if G and F are subgroups of H such that Gfl F = {1}. Indeed, in that case 
each coset in H/F contains at most one element of G (since g\F = g%F implies g^ 1 gi G FDG = {1}). 

The group G now inherits a distance function from the path length in the Schreier graph of H/F. 
Comparing this distance with other distances in G leads to distortion functions. E.g., if the group G 
is also embedded in a monoid M with monoid generating set Tm, this leads to the following distortion 
function: Sain) = max{d^/ F (F, gF) : g G G, \g\hi < n}. 

It will turn out that for appropriate choices of G, F, H, Th, and Tm, this last distortion is polyno- 
mially related to the computational asymmetry function a of boolean permutations (Theorem 15. 10p . 
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6. Asymmetry functions: We already saw the computational asymmetry function of combinational 
circuits, and the word-length asymmetry function of a group embedded in a monoid. More generally, 
in any quasi-metric space (S,d), where d(., .) is a directed distance function, an asymmetry function 
A : M>o — » M>o can be defined by A{n) = max{d(x2, x\) : X\,X2 £ S, d{x\,X2) < n}. 

This asymmetry function can also be viewed as the distortion of d rev with respect to d in S; here 
d vev denotes the reverse directed distance, defined by cF ev (xi, 22) = d(x%,xi). 

7. Other distortions: 

- Distortion can compare lengths of proofs (or lengths of expressions) in various, more or less pow- 
erful proof systems (respectively description languages). Distortion can also compare the duration of 
computations or of rewriting processes in various models of computation. Hence, many (perhaps all) 
notions of complexity are examples of distortion. Distortion is an algebraic or geometric representation 
(or cause) of complexity. 

- Instead of length and distance, other measures (e.g., volumes in higher dimension, energy, action, 
entropy, etc.) could be used. 

1.6 Thompson-Higman groups and monoids 

The Thompson groups, introduced by Richard J. Thompson [38j [26l [39] , are finitely presented infinite 
groups that act as bijections between certain subsets of {0,1}*. So, the elements of the Thompson 
groups are transformations of bitstrings, and hence they are related to input-output maps of boolean 
circuits. In this subsection we define the Thompson group G^i (also known as "V"), as well as its 
generalization (by Graham Higman [18J) to the group G^ i that partially acts on A*, for any finite 
alphabet A of size k > 2. We will follow the presentation of [6] (see also [8] and [7]); another reference 
is |33j . which is also based on string transformations but with a different terminology; the classical 
references |38, 26, 391 118^ IT2] do not describe the Thompson groups by transformations of finite strings. 
Because of our interest in strings and in circuits, we also use generalizations of the Thompson groups 
to monoids, as introduced in [9]. 

Some preliminary definitions, all fairly standard, are needed in order to define the Thompson- 
Higman group Gk,i- First, we pick any alphabet A of cardinality \A\ = k. By A* we denote the set 
of all finite words (or "strings") over A; the empty word e is also in A*. We denote the length of 
w £ A* by \w\ and we let A n denote the set of words of length n. We denote the concatenation of 
two words u,v £ A* by uv or by u ■ v; the concatenation of two subsets B,C C A* is defined by 
BC = {uv : u £ B,v £ C}. A right ideal of A* is a subset R C\ A* such that RA* C R. A generating 
set of a right ideal R is, by definition, a set C such that R is equal to the intersection of all right 
ideals that contain C; equivalently, C generates R (as a right ideal) iff R = CA*. A right ideal R is 
called essential iff R has a non-empty intersection with every right ideal of A*. For u,v £ A*, we call 
u a prefix of v iff there exists z £ A* such that uz = v. A prefix code is a subset C C A* such that 
no element of C is a prefix of another element of C. A prefix code C over A is maximal iff C is not 
a strict subset of any other prefix code over A. It is easy to prove that a right ideal R has a unique 
minimal (under inclusion) generating set Cr, and that Cr is a prefix code; moreover, Cr is a maximal 
prefix code iff R is an essential right ideal. 

For a partial function / : A* — > A* we denote the domain by Dom(/) and the image (range) by 
Im(/). A restriction of / is any partial function f\ : A* — > A* such that Dom(/i) C Dom(/), and 
such that fi(x) = f(x) for all x £ Dom(/i). An extension of / is any partial function of which / 
is a restriction. An isomorphism between right ideals i?i,i?2 of A* is a bijection ip : R± — > R2 such 
that for all r% £ R± and all z £ A*: ip(r\z) = ip(r\) ■ z. The isomorphism <p is uniquely determined 
by a bijection between the prefix codes that minimally generate R\, respectively i?2- One can prove 
[39\ [33l [6] that every isomorphism (p between essential right ideals has a unique maximal extension 
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(within the category of isomorphisms between essential right ideals of A*); we denote this unique 
maximal extension by max(^). 

Now, finally, we define the Thompson-Higman group G^x'. It consists of all maximally extended 
isomorphisms between finitely generated essential right ideals of A*. The multiplication consists of 
composition followed by maximum extension: tp ■ ijj = max((/3 o ip). Note that G^i acts partially and 
faithfully on A* on the left. 

Every element tp G Gp. i can be described by a bijection between two finite maximal prefix codes; 
this bijection can be described concretely by a finite function table. When ip is described by a maximally 
extended isomorphism between essential right ideals, tp : Ri — > R 2 , we call the minimum generating 
set of i?i the domain code of tp, and denote it by domC {ip); similarly, the minimum generating set of 
R 2 is called the image code of tp, denoted by imC(p). 

Thompson and Higman proved that Gf-i is finitely presented. Also, when k is even G^x is a simple 
group, and when k is odd G^i has a simple normal subgroup of index 2. In [6] it was proved that 
the word problem of G^i over any finite generating set is in P (in fact, more strongly, in the parallel 
complexity class ACi). In [8j [7] it was proved that the word problem of G^i over rujrjj : 1 < i < j} is 
coNP-complete, where V is any finite generating set of Gp.,1, and where Tjj is the position transposition 
introduced in Subsection 1.1. 

Because of connections with circuits we consider the subgroup lpGk t i of all length-preserving 
elements of Gk t i) more precisely, IpG^^i = {p G G^i : Vx G Dom(^), |a?| = |(/?(x)|}. See [5J for 
a study of lpGt,i and some of its properties. In particular, it was proved that lpGk,i is a direct limit 
of finite alternating groups, and that lpG 2j \ is generated by the set {N, C, T} U {7*^+1 : 1 < i}, 
where N : x\w \— > X\W, C : x\X 2 w 1— > X\ [x 2 © x\) w, and T : x\X 2 Xj,w 1— > x\x 2 (£3 © (X2 A X\)) w 
(for xi,X2,X3 G {0,1} and w G {0,1}*). Thus (recalling Subsection 1.4), N,C,T are the not, c-not, 
cc-not gates, applied to the first (left-most) bits of a binary string. It is known that the gates not, 
c-not, cc-not, together with the wire-swappings, form a complete set of gates for bijective circuits (see 
[361 HQl US]); hence, lpG 2 ,\ is closely related to the field of reversible computing. 

It is natural to generalize the bijections between finite maximal prefix codes to functions between 
finite prefix codes. Following [9] we will define below the Thompson-Higman monoids Mk t i- First, 
some preliminary definitions. A right-ideal homomorphism of A* is a total function ip : Ri — > A* such 
that Ri is a right ideal, and such that for all T\ G R\ and all z G A*: p{r\z) = <p>{ri) ■ z. It is 
easy to prove that \m.{ip) is then also a right ideal of A*. From now on we will write a right-ideal 
homomorphism as a total surjective function tp : R\ — > R 2 , where both R\ and R 2 are right ideals. The 
homomorphism <p is uniquely determined by a total surjective function / : P\ — > S 2 , with P±, S 2 C A* 
where Pi is the prefix code (not necessarily maximal) that generates Ri as a right ideal, and where 
S 2 is a set (not necessarily a prefix code) that generates R 2 as a right ideal; / can be described by a 
finite function table. 

For two sets X, Y, we say that X and Y "intersect" iff X n Y 7^ 0. We say that a right ideal 
R[ is essential in a right ideal i?i iff R[ intersects every right ideal that Ri intersects. An essential 
restriction of a right-ideal homomorphism ip : R\ — > R 2 is a right ideal-homomorphism <I> : R[ — > i? 2 
such that is essential in and for all x\ G R\: p(x'i) = 3>(xj). In that case we also say that ip 
is an essential extension of <F If $ is an essential restriction of <p then R 2 = Im($) will automatically 
be essential in R 2 = lm((p). Indeed, if I is any no-empty right subideal of R± then I n R[ ^ 0, hence 
^ $(/ D R'i) C $(J) n <l?(i?i) = *W n i? 2 ; moreover, any non-empty right subideal J of i? 2 is of 
the form J = $(/), where / = <I> _1 (J) is a non-empty right subideal of R\\ hence, for any non-empty 
right subideal J of R 2 , / J n i?' 2 - 

The free monoid ^4* can be pictured by its right Cayley graph, which is easily seen to be the 
infinite regular /c-ary tree with vertex set A* and edge set {(v,va) : v G A*, a G A}. We simply call 
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this the tree of A* . It is a directed, rooted tree, with all paths directed away from the root e (the 
empty word); by "path" we will always mean a directed path. Many of the previously defined concepts 
can be reformulated more intuitively in the context of the tree of A*: A word v is a prefix of a word 
w iff v is an ancestor of w in the tree. A set P is a prefix code iff no two elements of P are on a 
common path. A set R is a right ideal iff any path that starts in R has all its vertices in R. The 
prefix code that generates R consists of the elements of R that are maximal (within R) in the prefix 
order, i.e., maximally close (along paths) to the root e. A finitely generated right ideal R is essential 
iff every infinite path eventually reaches R (and then stays in it from there on). Similarly, a finite 
prefix code P is maximal iff any infinite path starting at the root eventually intersects P. For two 
finitely generated right ideals R',R with R' C R we have: R' is essential in R iff any infinite path 
starting in R eventually reaches R' (and then stays in it from there on). 

Assume now that a total order a\ < 02 < ■ ■ ■ < has been chosen for the alphabet A; this means 
that the tree of A* is now an oriented rooted tree, i.e., the children of each vertex v have a total order 
va\ < va2 < . . . < vak- The following can be proved (see [9], Prop. 1.4(1)): is an essential restriction 
of ip iff <3> can be obtained from p by starting from the table of <p and applying a finite number of 
restriction steps of the following form: "replace (x,y) in a table by {(xai, yai), . . . , (xdk, yak)}". 
In the tree of A* this means that x and y are replaced by their children xa\ , . . . , xa^ , respectively 
ya±, . . . , yak, paired according to the order on the children. One can also prove (see [9], Remark after 
Prop. 1.4): Every right ideal homomorphism ip with table P — > S has an essential restriction iff that 
has a table P' — * Q' such that both P' and Q' are prefix codes. 

An important fact is the following (see [9], Prop. 1.4(2)): Every homomorphism between finitely 
generated right ideals of A* has a unique maximal essential extension; we call it the maximum essential 
extension of $ and denote it by max($). 

Finally here is the definition of the Thompson-Higman monoid: Mki consists of all maximum es- 
sential extensions of homomorphisms between finitely generated right ideals of A* . The multiplication 
is composition followed by maximum essential extension. 

One can prove the following, which implies associativity: For all right ideal homomorphisms ip\,<p% : 
max(</?2 <fi) = max(max(t^2) Pi) = max(<^2 max(pi)). 

In [9] the following are proved about the Thompson-Higman monoid Mk,i'. 

• The Thompson-Higman group Gk 1 is the group of invertible elements of the monoid Mki- 

• Mfc 5 i is finitely generated. 

• The word problem of Mki over any finite generating set is in P. 

• The word problem of Mki over a generating set T U {r,y : 1 < i < j}, where T is any finite 
generating set of Mk,i, is coNP-complete. 

2 Boolean functions as elements of Thompson monoids 

The input-output functions of digital circuits map bitstrings of some fixed length to bitstrings of a 
fixed length (possibly different from the input length). In other words, circuits have input-output maps 
that are total functions of the form / : {0, l} m — > {0, l} n for some m, n > 0. The Thompson-Higman 
monoid Mk,i has an interesting submonoid that corresponds to fixed-length maps, defined as follows. 

Definition 2.1 (the submonoid lepMk 1). Let p : PA* — ► QA* be a right-ideal homomorphism, 
where P,Q<zA* are finite prefix codes, and where P is a maximal prefix code. Then p is called length 
equality preserving iff for all X\,X2 6 Dom(p) : |xi| = \x2\ implies \p{x\)\ = \<p(x2)\- 

The submonoid lepMki of Mk,i consists of those elements of Mk,i that can be represented by 
length- equality preserving right-ideal homomorphisms. 
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It is easy to check that an essential restriction of an element of lepM^^ is again in lepM^^i, so lepM^^i 
is well defined as a subset of Mki; moreover, one can easily check that lepMk t i is closed under 
composition, so lepMf^i is indeed a submonoid of M^ i. 

For ip e Mk t i we have ip G lepM^i iff there exist m > and n > such that A m C Dom(^) 
and ip{A m ) C A n . So (by means of an essential restriction, if necessary), <p can be represented by a 
function table A m — > Q C ^4 n with a /ixed input length and a fixed output length (but the input and 
output lengths can be different). 

The motivation for studying the monoid lepM^i is the following. Every boolean function / : 
{0, l} m — ► {0, 1}" (for any m, n > 0) determines an element of lepM^i, and conversely, this element 
of lepM^i determines / when restricted to {0, l} m . By considering all boolean functions as elements 
of lepMk t i we gain the ability to compose arbitrary boolean functions, even if their domain and range 
"do not match". Moreover, in lepM/,^ we are able to generate all boolean functions from gates by 
using ordinary functional composition (instead of graph-based circuit lay-outs) . The following remains 
open: 

Question: Is lepM^i finitely generated? 
However we can find nice infinite generating sets, in connection with circuits. 

Proposition 2.2 (Generators of lepM^^i). The monoid lepM^i has a generating set of the form 
T U {t^j+i : 1 < i}, for some finite subset T C lepM^ \. 

Proof. We only prove the result for k = 2; a similar reasoning works for all k (using fc-ary logic). 

It is a classical fact that any function / : {0, l} m — ► {0, l} n can be implemented by a combinational 
circuit that uses copies of and, or, not, fork and wire-crossings. So all we need to do is to express theses 
gates, at any place in the circuit, by a finite subset of lepM^ i and by positions transpositions Tjj+i. 
For each gate g £ {and, or} we define an element 7 9 6 lepMk i by 

7 9 : x lX2 w £ {0,l} m i — ► g(x 1 ,x 2 )w £ {OA}™- 1 . 

Similarly we define 7not,7fork £ fcpM^i by 

7not : x lW G {0, l} m i — ► x~i w £ {0, l} m , 

7fork : xiw £ {0,l} m i— » x lXl w £ {0,l} m+1 . 

For each g £ {and, or, not, fork}, j g transforms only the first one or two boolean variables, and leaves 
the other boolean variables unchanged. We also need to simulate the effect of a gate g on any variable 
Xi or pair of variables XiXi+i, i.e., we need to construct the map 

uxiX i+1 v £ {0, l} m i — ► u g(xi,x i+1 ) v £ {0, l}" 1 " 1 

(and similarly in case where g is not or fork). For this, we apply wire-transpositions to move XjXj+i to 
the wire-positions 1 and 2, then we apply j g , then we apply more wire-transpositions in order to move 
g(xi,x 2 ) back to position i. Thus the effect of any gate anywhere in the circuit can be expressed as a 
composition of 7 S and position transpositions in {t^+i : 1 < i}. □ 

Proposition 2.3 (Change of generators of lepM^^). Let {r^+i : 1 < i} be denoted by r. If 
r,r' C lepMk^i are two finite sets such that TUr andT'Ur generate lepM^^i, then the word-length over 
r U r is linearly related to the word-length over fUr. In other words, there are constants d > c > 1 
such that for all m £ ZepMj^i : |m|rur < c • |m|r'ur < c ' " l^lrur- 

Proof. Since T is finite, the elements of T can be expressed by a finite set of words of bounded length 
(< c) over r' U r. Thus, every word of length n over T U r is equivalent to a word of length < cn over 
fUT. This proves the first inequality. A similar reasoning proves the second inequality. □ 
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Proposition 2.4 (Circuit size vs. iepil^i word- length). 

Let Ti ep M 2 1 U {rjj : 1 < i < j} be a generating set of lepMi t \ with Ti ep M 2 1 finite. Let f : {0, l} m — > 
Q (<= {0,1}™) be a function defining an element of lepM 2j ±, and let \f\i ep M 21 ^ e word-length of f 
over the generating set Ti ep M 21 U {r^j : 1 < i < j}. Let |C/| 6e £/ie circuit size of f (using any 
finite universal set of gates and wire-swappings). Then \ f\i ep M 2 i an d are linearly related. More 
precisely, for some constants c\ > c Q > 1 : 

|C/| < C • |/|iepAf 2 ,i - c i"|C/l- 

Proof. For the proof we assume that the set of gates for circuits (not counting the wire-transpositions) 
is Ti ep M 2 ! • If we make a different choice for the universal set of gates for circuits, and a different choice 
for the finite portion T[ ep M 2 1 of the generating set of lepM.2^ then the inequalities remain the same, 
except for the constants ci,c D . 

The inequality \Cf\ < \ f\i ep M 2 1 is obvious, since a word w over Ti ep M 2 1 U {rjj : 1 < i < j} is 
automatically a circuit of size \w\. 

For the other inequality, we want to simulate each gate of the circuit Cf by a word over Ti ep M 2 1 U 
'■ 1 < i < j}- The reasoning is the same for every gate, so let us just focus on an or gate. The 
essential difference between circuit gates and elements of lepMi\ is that in a circuit, a gate (with 
2 input wires, for example) can be applied to any two wires in the circuit; on the other hand, the 
functions in lepM^x are applied to the first few wires. However, the circuit gate or, applied to (i, i + 
can be simulated by an element of T[ ep M 2 1 and a few wire transpositions, since we have: orj > j + i(.) = 

7or ° T2,i+1 ° Tl,i{-)- 

The output wire of or^j+iQ is wire number i, whereas the output wire of 7 or or2 ) j+i 0Ti ( i(.) is wire 
number 1. However, instead of permuting all the wires in order to place the output of 7 or T^i+i Tx t i(.) 
on wire i, we just leave the output of 7or ^2,1+1 T"i,i(-) on wire 1 for now. The simulation of the 
next gate will then use appropriate transpositions T2j ■ Tn- for fetch the correct input wires for the 
next gate. Thus, each gate of Cf is simulated by one function in Ti ep M 2 1 and a bounded number of 
wire-transpositions in {tj j : 1 < i < j}. 

At the output end of the circuit, a permutation of the n output wires is needed in order to send 
the outputs to the correct wires; any permutation of n elements can be realized with < n (< \Cf\) 
transpositions. (The inequality n < |C/| holds because since we count the output ports in the circuit 
size.) □ 

Remark. The above Proposition motivates our choice of generating set of the form ru{rjj : 1 < i < j} 
(with r finite) for lepM^i; in particular, it motivates the inclusion of all the position transpositions 
Tjj in the generating set. The Proposition also motivates the definition of word- length in which Tij 
has word- length 1 for all j > i > 1. 

Next we will study the distortion of lepMf-i in ±. We first need some Lemmas. 

Lemma 2.5 (Lemma 3.3 in |6j). // P,Q,R^ A* are such that PA* n QA* = RA* and R is a prefix 
code, then R C P U Q. 

Proof. For any r £ R there are p £ P,q G Q and v,w G A* such that r = pv = qw. Hence p is a 
prefix of q or q is a prefix of p. Let us assume p is a prefix of q = px, for some x £ A* (the other case 
is similar) Hence q = px £ PA* n QA* = RA* , and q is a prefix of r = qw. Since R is a prefix code, 
r = q, hence r £ Q. □ 

Lemma 2.6 Let P,QcA* be finite prefix codes, and let 9 : PA* — > QA* be a right-ideal homomor- 
phism with domain PA* and image QA* . Let S be a prefix code with S C QA*. Then 9~ 1 (S) is a 
prefix code and O'^SA*) = O^iS) A*. 
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Proof. First, 9 1 (S) is a prefix code. Indeed, if we had x\ = x 2 u for some X\,X2 £ 1 (S) with u 
non-empty, then 9{x\) = 9{x2) u. This would contradict the assumption that S is a prefix code. 

Second, 9~ 1 (S) C 9- 1 (SA*), hence 9~ 1 (S) A* C 9~ 1 (SA*), since 9~ 1 (SA*) is a right ideal. (Recall 
that the inverse image of a right ideal under a right-ideal homomorphism is a right ideal.) 

We also want to show that 9~ 1 (SA*) C 9~ 1 (S) A*. Let x £ 9~ 1 (SA*). So, 9{x) = sv for some 
s £ S, v £ A*, and s = qu for some q £ Q, u £ A*. Since 9{x) = quv, we have x = puv for some 
p £ P with 9(p) = q. Hence 9(pu) = qu = s. Therefore, x = puv with pu £ 9~ 1 (s) C 9~ 1 (S), hence 
x £ 9~ 1 {S) A*. □ 

Notation: For a right-ideal homomorphism 92 : Dom((p) = PA* — ► Im(<£>) = QA*, where P, Q C i* 
are finite prefix codes, we define 

£((p) = max{|z| : z £ P\J Q}, 
For any finite prefix code C C A* we define 

£(C) = max{|z| : z £ C}. 

Lemma 2.7 Zei ip : Dom(c^) = P^4* — ► Im((/3) = QA* be a right-ideal homomorphism, where P and 
Q are finite prefix codes. Let R C A* be any finite prefix code. Then we have: 

(1) i{<p-i(R))<i{<p)+i{R), 

(2) e(<p(R))<e(<p)+e(R). 

Proof. (1) Let r £ R n lm(cp). Then every element of (p~ l (r) has the form p\w for some p\ £ P 
and w £ A* such that r = q\w for some qi £ Q (with (f{p\) = qi). Hence \piw\ = \pi\ + \r\ — \q\\ = 
\ r \ + \Pi\ ~ Moreover, |r| < £(R) and \p\\ — \q±\ < £(ip), so \piw\ < £{R) +£(ip). 

(2) If r £ R PI Dom(^) then y?(r) has the form for some qi £ Q and t> G A* such that r = p\w 
for some p\ £ P (with </?(pi) = gj). Hence |git>| = \q\\ + \r\ — \p\\ = \r\ + \qi\ — \p\\. Moreover, 
|r| < £(R) and |gi| - < £(ip), so < £{R) + £(ip). □ 

For any right-ideal homomorphisms (pi (with i = 1, . . . , iV), the composite map (p^ o . . . o </?i(.) is a 
right-ideal homomorphism. We say that right-ideal homomorphisms <3?j (with i = 1, . . . , A 7 ") are directly 
composable iff Dom($j + i) = Im($j), for z = 1, . . . , N — 1. The next Lemma shows that we can replace 
composition by direct composition. 

Lemma 2.8 Let ifi : Dom((/?j) = PiA* — ► Im(^) = QiA* be a right-ideal homomorphism (for 
i = 1, . . . , N), where Pi and Qi are finite prefix codes. Then each (pi has a (not necessarily essential) 
restriction to a right-ideal homomorphism <I>j with the following properties: 

• $/v ° ... ° = if N o . . . o 

• Dom($ m ) = Im($j) ; /or i = 1, . . . , TV - 1; 

• < £f=i%j) for every i = l,...,N. 

Proof. We use induction on AT. For N = 1 there is nothing to prove. So we let N > 1 and we 
assume that the Lemma holds for ipi : PiA* — ► Qi^* with i = 2, ... ,7V, i.e., we assume that each 
</?i (for i = 2, . . . , AT) has a restriction 92^ : — > Q^A* such that 92^ o . . . o 99^ = 92 at o ... o 922, 
P' i+l = Q\ (for i = 2, . . . , TV - 1), and < £f= 2 %,) for every i = 2, . . . , N. From = Q[ 

(for i = 2, . . . , AT - 1) it follows that %^ o . . . o <p' 2 ) < max{%[) : i = 2, . . . , N} < ^=2 

Using the notation </?|jv2] f° r V'iv • • • ¥2 we nave Dom((/9| 7V 2 j) = P2^4* and lm(ip^ N2 ^) = Q^A*. 
When we compose 931 and <p'[ N 2 j we obtain 
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<Pi 1 (Q 1 A*nP 2 A*) Q 1 A*nP 2 A* <p[ m (QiA* n P 2 A*). 

In this diagram, $1 is the restriction of <pi to the domain tp^ 1 (QiA* T)P 2 A*) and image QiA* DP 2 A*; 
and $jjy 2 ] ^ s * ne restriction of <p'^ N2 ] to the domain QiA* n P 2 A* and image (/^ 2 , H P2^4*). 

Hence, $nv,2] °$i = 0( ^ 1 ' and Dom (^'Ar2]) = im (^i) (= Qi^ 4 * n P2A*). So $1 and $\ N)2 ] are 

directly composable. 

By Lemma [23] there is a prefix code S C A* such that 5,4* = QiA* n P 2 .4* and SCQjU P 2 . 
Hence, £(5) < max{£(Qi)^(P 2 )} < max{f( W ),f(^)} < max{%i), £jL 2 %,)} < EjLi%j)- 

It follows also that tp^ 1 (QiA*nP 2 A*) = ^^(SA*) = ^^(S) A* (the latter equality is from Lemma 
156)1 ■ Since 5 C Qi U P 2 implies ^(S) C U ^C^) = Pi U ^(Pz), we have < 

max{^(Pi), %^(P 2 ))}. Obviously, £(J»i) < Moreover, by LemmaEIl ^(^ 1 (P 2 )) < %i) + 

£(P 2 ). Since £(P 2 ) < % 2 ) < £^ 2 %i) ( the latter "<" b Y induction), we have £((p^(S)) < %i)+ 

Ef= 2 %;) = Ef=i%,)- 

Since the domain code of $1 is ip^ 1 (S) and its image code is S, we conclude that ^(^1) < 

Let us now consider any $^ 2 , , for i = 1, . . . , N. By definition, $^ 2 j is the restriction of (p^ o . . . o <p' 2 
to the domain SA*. So the domain code of f*^ 2 i is 5, and we just proved that £(S) < Ej=i ^ifj)- 
The image code of 3?^ 2 , is (p ■ o . . . o (/^(S 1 ). Since 5 C Qi U P2 we have 

ip' { o . . . o ip' 2 (S) C ^o...o^(g!) U ^-o...o^ 2 (P 2 ) = ^ o . . . o ip' 2 (Qi) U Q\. 
Therefore: o . . . o ^(5)) < max{%< o . . . o <p 2 (Qi)), £($)}. 

We have £(Q' i ) < %<) < £ji 2 %i) (the last "<" by induction). 

ByLemmaEZl 0...0 ip' 2 (Qi)) < o . . . o ip' 2 ) + £(Q{) < o . . . o ip' 2 ) + £(ip{). And 

l(y>\ o . . . o (^'2) < max{£((/3j) : j = 2, . . . , i}, because Dom((^', +1 ) = lm(ip' r ) for all r = 2, . . . , N — 1. 
And by induction, £(<^) < Ejl 2 K<Pj)- Hence, £(<p>\ o ... o ip 2 (Qi)) < £/li t(<Pj)- 

Thus, £($|. 2] ) < Ef=i%i) for every i = 2, . . . ,N. 

Finally, we factor 2 , as 2 , = <l>jv o . . . o $ 2j where $j (for i = 2, . . . , iV) is defined to be the 
restriction of ip' { to the domain <f>\_i o . . . o (^ 2 (S^4*) (= ^(S^A*)). Since Dom(ip' r+1 ) = Im(^) 
(for all r = 2, . . . , N — 1), the domain of ^ is equal to the image of <f>\_\ o . . . o (p' 2 . So, the domain 
code of &i is <p\_\ o . . . o ^(S 1 ), and its image code is o o . . . o (p' 2 (S). Since we already proved 
that £((p' i o...o(p' 2 (S)) < E]Li%j) (for alH), it follows that £($») < EjLi%i)- D 

In the next theorem we show that the distortion of lepMki in Mk 1 is at most quadratic (over the 
generators considered so far, which include the bit position transpositions). Combined with Proposi- 
tion [231 this means the following: 

Assume circuits are built with gates that are not constrained to have fixed-length inputs and outputs, 
but assume the input- output function has fixed-length inputs and outputs. Then the resulting circuits 
are not much more compact than conventional circuits, built from gates that have fixed-length inputs 
and outputs (we gain at most a square-root in size). 

Theorem 2.9 (Distortion of lepM^i in M^i). The word-length (or Cayley graph) distortion of 
lepMk^i in Mk,i has a quadratic upper bound; in other words, for all x E lepM^y. 

\x\lepM kA < C- (|x|m m ) 2 

where c > 1 is a constant. Here the generating sets used are T*M k 1 U {r^j : 1 < i < j} for M^i, and 
Fle P M kA U {nj : 1 < i < j} for lepM k)1 , where T MkA and Ti epMk l are finite. By \x\ Mktl and \x\ lepMkil 
we denote the word-length of x over 1 U {jij : 1 < i < j}, respectively Ti ep M k 1 U {rjj : 1 < i < j}. 
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Proof. We only prove the result for k = 2; a similar proof applies for any k. We abbreviate the set 
'■ 1 < i < j} by r. The choice of the finite sets r^ fc 1 and V\ ev u h x does not matter (it only affects 
the constant c in the Theorem. By Corollary 3.6 in [S] we can choose T^ x so that each 7 G T A/ fc 1 
satisfies the following (recall that £(5) denotes the length of the longest words in a set S): 

£(domC(7) U imC(7)) < 2, and 

||7(x)| — \x\\ < 1 for all x G Dom(7). 

Let </? G lepMk,i, and let u; = ajy • • • ot\ be a shortest word over the generating set x U t of 
Mfc 5 i, representing p. So N = |</?|a4 x . We restrict each partial function en to a partial function a[ such 

that imC(c^) = domC(c^ +1 ) for i = 1 JV — 1. according to Lemma [2781 Hence, ajyo. . .oa 1 (.) = 

a' N o . . .0 a'^.), and ^(a-) < Y2j=i K a j) f° r every i = 1, . . . , N. Then o . . .0 a\{.) is a function 
{0, l} m {0, 1}* — * Q {0, 1}*, representing <p, and we will identify ■ ■ ■ cti(-) with ip. It follows 
that domC(ai) = domC^) = {0,l} m , and imC(a^) = imC(V) = QC {0,l} n . More generally, it 
follows that imC(a- o . . . o a^) = imC(aQ, and domC(a^ o . . . o a[) = domC(a-). 

Since £(a'j) < J2f=i ^{ a j)i and ^( a j) < 2 for all j, we have for every i = 1, . . . , N: ^(c^) < 2 N. 

From here on we will simply denote l{pl^) by 4- Now, we will replace each a- G M^j by Pi G 
lepMf.,1, such that domC(/3j) = {0, and imC(/3j) C {0, so Pi is length-equality preserving. 

This will be done by artificially lengthening those words in domC(a-) that have length < 4 and those 
words in imC(c^) that have length < 4+1- Moreover, we make Pi defined on all of {0, 1} In detail, 
Pi is defined as follows: 

• If A < 4+i : 

Pi(uz) = v z o £i + 1_£ H^I+M for all « G domC(a-), and z G {0, l}^ i- N; here t> = c^(«); 
= x 0* 4 + 1_/4 for all x Dom(a<), |x| = 4- 

• If 4 > 4+1 : 

Pi{uz\Z2) = v z\ for all ti € domC(a-) and all Z\, Zi G {0, 1}* with 

ki| = 4+1 - \v\, \zz\ = 4 — 4+1 + \v\ - \u\; here, v = a-(u); 
Pi{x\X2) = x\ for all x\, X2 G {0, 1}* such that ^Dom(a'), with 

= 4+1, \%2\ = 4 - 4+1- 

Claim. Pn o . . . o p x (.) = ip. 

Proof of the Claim: We observe first that domC(/?i) = domC(a' 1 ) (= domC(ip) = {0, l} m ). Next, 
assume by induction that for every x G {0, l} m : o^-i o . . . o a.±(x) = u is a prefix of Pi-\ o . . . o 
/3i(x) = uz. Then = uzO^-^-M+M (if 4 < 4+i); or @i(uz) = vz x (if 4 > 4+1, with 

|zi| = 4+1 — M and 2 = z\z%). In either case we find that a' i (a' i _ 1 o . . . o a[(x)) = v is a prefix of 
Pi{P^ l o... p l (x))=p i (uz). 

Hence, when i = N we obtain for any x G {0, l} m : Pn o ... o P\{x) = ys is a prefix of 
a' N o . . . o a^x) = (/?(x) = y for some y and s with |y s| = In = n. Since y G imC(<y9) C {0, l} n we 
conclude that s is empty, hence /?tv • ■ ■ Pi(x) = a' N o . . . o a'^x). [End, proof of Claim.] 

At this point we have expressed (p as a product of N elements Pi G lepM^^i, where N = \(p\M kl - 
We now want to find the word-length of each Pi over Ti ep M k 1 U r, in order to find an upper bound on 
the total word-length of <p over Fi ep M k ,Ur. As we saw above, l- L <2N for every i = 1, . . . , N. 

We examine each generator in TM k : U r. 

If ai G r then Pi G r, so in this case \Pi\i ep M k 1 = !• 
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Suppose now that a% G ^M k i- By Proposition ^. 4l it is sufficient to construct a circuit that computes 
(3i\ the circuit can then be immediately translated into a word over Ti ep M k 1 Ur with linear increase in 
length. 

Since domC(aj) C {0, l}- 2 , we can restrict ai so that its domain code becomes a subset of {0, l} 2 ; 
next, we extend a>i to a map a" that acts as the identity map on {0, l} 2 where aj was undefined. The 
image code of a" is a subset of {0, l}- 3 . In order to compute we first introduce a circuit C{a'[) that 
computes a'-. A difficulty here is that a" does not produce fixed- length outputs in general, whereas 
C(a'() has to work with fixed-length inputs and outputs; so the output of C(a'() represents the output 
of a" indirectly, as follows: 

The circuit C(a") has two input bits u = u\Ui G {0, l} 2 , and 5 output bits: First there are 3 
output bits 3 ~l 1 'l v G {0, l} 3 , where v = a"(u); second, there are two more output bits, c\C2 G {0, l} 2 , 
defined by c\Oi = bin (3 — \v\) (the binary representation of the non-negative integer 3 — \v\). Hence, 
c\C2 = 00 if \v\ = 3, c\C2 = 01 if \v\ = 2, c\C2 = 10 if \v\ = 1; since |u| > 0, the value c\C2 = 11 will 
not occur. Thus c\C2 O 3- ' 1 ' v contains the same information as v, but has the advantage of having a 
fixed length (always 5). The circuit C(a") can be built with a small constant number of and, or, not, 
fork gates, and we will not need to know the details. 

We now build a circuit for 

• Circuit for (3i if £{ < £i+f. 

On input uz G {0, 1}^ (with u G {0, l} 2 ), we want to produce the output v z o^+^HH+M ; where 
v = a'!{u). 

We first apply the circuit C(a"), thus obtaining c\C2 O 3- ' 1 '' v z. Then we apply two fork operations 
(always to the last bit in z) to produce c^O 3 "' 1 '' v z bb, where b is the last bit of z. Applying a 
negation to the first b and an and operation, we obtain c\C2 O 3- ^' v z 0. Applying £i + \ — £{ — 1 more 
fork operations to the last yields c\C2 3 ~^ v z o £i + 1_£i_1 . 

Next, we want to move O 3 "' 1 '' to the right of the output, in order to obtain c±C2 v z o 3 ~M + ^+ 1- ^ -1 . 
For this effect we introduce a controlled cycle. Let k : X1X2X3 S {0, l} 3 1 — > X3X1X2 be the usual 
cyclic permutations of 3 bit positions. The controlled cycle acts as the identity map when c\C2 = 00 
or 11, 7*1 2 when c\C2 = 01, and k when c\C2 = 10. More precisely, 

{c\ C2X1X2X3 if c\C2 = 00 or 11, 
C\C2 X2X1X3 if C\C2 = 01, 
C\C2 X%X\X2 if ClC 2 = 10. 

We apply $4 copies of k c (ci, C2, ., ., •) (all controlled by the same value of c\C2) to 3 ~\ v \ v z. The first 
k c (ci, C2, ., •, •) is applied to the 3 bits O 3 "' 1 '' v , producing 3 bits J/12/22/3; the second k c (ci, C2, ., ., .) is 
applied to 2/22/3 and the first bit of z, producing 3 bits y'xy^y'z'i the third k c (ci,C2, ., ., .) is applied to 
2/ 2 2/3 and the second bit of z, etc. So, each one of the ti copies of k c acts one bit further down than 
the previous copy of k c . This will yield C1C2VZ o 3 ~l'"l + ^ i + 1_ ^ i_1 . Finally, to make c\C2 disappear, we 
apply two fork operations to ci, then a negation and an and, to make a appear. We combine this 
with ci and C2 by and gates, thus transforming OC1C2 into 0. Finally, an or operation between this 
and the first bit of v makes this disappear. 

The number of gates used to compute is 0(£i+\ + £i), which is < O(N). 

• Circuit for if £j > £i+f. 

On input uz G {0, (with u G {0, l} 2 ), we want to produce the output v z\, where v = a"(u). 

We first apply the circuit C(a'-), which yields the output ciC2 3 ~' 1 '' vz. Now we want to erase 
the £i — + 1 last bits of z. For this we apply two fork operations to the last bit of z (let's call it b), 
then a negation and an and, to make a appear. We combine this with the last £{ — bits of z, 
using that many and gates, turning all these bits into a single 0; finally, an or operation between this 
and the bit of the remainder of z makes this disappear. At this point, the output 



18 



uj c : C\c 2 xix 2 x 3 b\b 2 G {0, 1}' 



where Z\ is the prefix of length li+x — 1 of z. 

Next, we apply 0(4+i) position transpositions to Z\ in order move the two last bits of Z\ to the 
front of Z\. Let b\b 2 be the last two bits of Z\\ so, Z\ = z bib 2 (where z is the prefix of length —3 
of z); at this point, the output of the circuit is c\c 2 O 3- ^ vb\b 2 zq. 

We now introduce a fixed small circuit with 7 input bits and 5 output bits, defined by the following 
input-output map: 

c\c 2 x\x 2 x 3 if c\c 2 = 00 or 11, 
c\c 2 x\x 2 b\ if c\c 2 = 01, 
c\c 2 x 3 b\b 2 if c\c 2 = 10. 

When this map is applied to c\c 2 3 ~^ vb\b 2 the output is therefore given by 

{c\c 2 v if \v\ = 3, 

cic 2 vbi if \v\ = 2, 
c\c 2 v b\b 2 if \v\ = 1. 

A circuit for oj c can be built with a small fixed number of and, or, not, fork gates, and we will not need 
to know the details. 

After applying uj c to c\c 2 3 ~^ vb\b 2 ZQ the output has length 4+1 + 2; the "+2" comes from 
c\c 2 . The output is c\c 2 v zo, or c\c 2 v b\ zq, or c\c 2 v b\b 2 zq, depending on whether \v\ = 3, 2, or 1. 

We need to move b\b 2 or b\ (or nothing) back to the right-most positions of zq. We do this by 
applying copies of the controlled cycle k c (c\, c 2 , ., ., .) (all copies controlled by the same value of 
c\c 2 ). We proceed in the same way as when we used k c in the previous case, and we obtain the output 
c\c 2 vzo (if \v\ = 3), or c\c 2 v z§b\ (if \v\ = 2), or c\c 2 v zq b\b 2 (if \v\ = 1). 

Finally, we erase c\c 2 in the same way as in the previous case, thus obtaining the final output. 
The number of gates used to compute fa is 0{£i + \ + ti) < O(N). 

This completes the constuction of a circuit for fa. Through this circuit, fa : {0, — > {0, 1}^*+! is 
expressed as a word over the generating set T[ ep M k 1 U r, of length < 0{ii + \ + ti) < O(N). 

Since we have described if as a product oi N = \tp\M kl elements fa £ lepM^i, each of word-length 
O(N), we conclude that cp has word-length < 0(N 2 ) over the generating set Ti ep M k ± U r of lepMj-^. 
□ 

Question: Does the distortion of lepMk,i in Mfc i (over the generators of Theorem 12 .91) have an upper 
bound that is less than quadratic? 



3 Wordlength asymmetry vs. computational asymmetry 

Proposition 3.1 The word-length asymmetry function A of the Thompson group lpG 2 ^\ within the 
Thompson monoid lepM 2 i is linearly equivalent to the computational asymmetry function a: 
a ~ lin A. 

Here the generating set used for lepM 2> i is T[ ep M 2 1 U {jij '■ < i < j}, where Ti ep M 2 x is finite. The 
gates used for circuits are any finite universal set of gates, together with the wire-swapping operations 
{n,j :0<i<j}. 

We can choose Ti ep M 2 x to consist exactly of the gates used in the circuits; then a = A. 

Proof. For any g £ lpG 2) \ we have 

C{g~ l ) < c • \g~ l \iepM 2 ^ < c • H\g\iepM 2 ,i) < co • A(ci • C(g)). 
The first and last "<" come from Prop. [2^1 (since lpG 2y \ C lepM 2 i), and the middle "<" comes from 
the definition of A; cq and c\ are positive constants. Hence, 
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a(n) < Co • A(ci n) for all n. 
In a very similar way we prove that A(n) < c • 0(0^ n) for some positive constants c' Q , d 1 . □ 

Proposition 3.2 The word-length asymmetry function \m 21 °f the Thompson group lpG2 t i within 
the Thompson monoid Mz t i is polynomially equivalent to the word-length asymmetry function \i ep M 2 1 
of lpG2 t i within the Thompson monoid lepM2 t i- More precisely we have for all n : 

Am 2j1 W < C • \iepM 2 ,i( c l n2 ); 

AiepM 2 ,i(«) < Cq • (A M21 (cin)) 2 ; 
where 00,01,0^,0^ are positive constants. Here the generating set used for /epil^i is Ti ep M 21 U : 
< i < j}, where Ti ep M 2 1 is finite. The generating set used for M 2> i is Tm 2 1 U { T i,j ■ < i < j}, 
where Fm 2 ,i is a finite generating set of M 2> \. 

Proof. For any g £ lpG2,i we have 

|fi'~ 1 |M2,i < C • |g _1 |zej,M 2 ,i < Co • \lepM 2> i(\g\lepM 2) i) < Co • Aj ep Af 2 ,i ( c l " blif 2il )- 

The first "<" holds because lpG 2 ,\ C lepM.2,1 C M2,i and because of the choice of the generating sets. 
The second "<" holds by the definition of Xi ep M 2 1- The third "<" comes from the quadratic distortion 
of lepM-2 1 in M21 (Theorem I2.9p . For the same reasons we also have the following: 

\g~ \le P M 2 ,i < Cq • \g ~ \ 2 M2>1 < c' • (Am2,i(Is , |m 2 ,i)) 2 < Cq ■ (Ajw 21 (ci ■ \g\ie P M 2A )) 2 
where c^c^ are positive constants. □ 

4 Reversible representation over the Thompson groups 

Theorems 14 . 1 1 and 14 . 2 1 b elow introduce a representation of elements of the Thompson monoid Zepil^i by 
elements of the Thompson group G^i, in analogy with the Toffoli representation (Theorem II .51 above), 
and the Fredkin representation (Theorem [L6] above). Our representation preserves complexity, up to a 
polynomial change, and uses only one constant-0 input. Note that although the functions and circuits 
considered here use fixed-length inputs and outputs, the representations is over the Thompson group 
C?2 1, which includes functions with variable-length inputs and outputs. 

In the Theorem below, Tg 2 1 is any finite generating set of Cr2,l- We denote the length of a word 
w by \w\, and we denote the size of a circuit C by |C|. The gates and, or, not will also be denoted 
respectively by A, V, ->. We distinguish between a word Wf (over a generating set of G^i) and the 
element Wf of G^i represented by Wf. 

Theorem 4.1 (Representation of boolean functions by the Thompson group). Let f : 

{0, l} m — * {0, l} n be any total function and let Cf be a minimum-size circuit (made o/A,V, —>, fork- 
gates and wire-swappings nj) that computes f . Then there exists a word Wf over the generating set 
rV?2 1 U { T i,i+i : 1 < i} of G 2) i such that: 

• For all x G {0, l} m : Wf(0x) = f{x) x, where Wf is the element o/G^i represented by Wf. 

• The length of the word Wf is bounded by \Wf\ < 0(\Cf\ 4 ). 

• The largest subscript of any transposition Tii+i occurring in Wf has an upper bound < \Cf\ 2 + 2. 

Proof. Wire-swappings in circuits are represented by the position transpositions r^j+i G G%i. The 
gates not, or, and and of circuits are represented by the following elements of G%i: 

0X1^2 lX\X2 

(21 A 22)3:1X2 (^i A x 2 )xix 2 J ' 








1 




V- = 


1 








OX1X2 \X\X2 
(Zl V X2)X\X2 (Xi V X 2 )xiX 2 
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where xi,X2 range over {0,1}. Hence the domain and image codes of ipy and 92 A are all equal to 
{0,1} 3 - 

To represent fork we use the following element, in which we recognize a £ F^i, one of the commonly 
used generators of the Thompson group F% % \: 



' 


10 


11" 




00 


01 


10 


11 


00 


01 


1 




000 


001 


01 


1 



Note that a agrees with fork only on input 0, but that is all we will need. By its very essense, 
the forking operation cannot be represented by a length-equality preserving element of G2 1, because 
Cr2,i fl lepM^i = lpG2 t i (the group of length-preserving elements of G^l)- A small remark: In [HO [8], 
what we call "<r" here, was called "<t _1 ". 

We will occasionally use the wire-swapping ry (1 < i < j); note that Tij can be expressed in terms 
of transpositions of neighboring wires as follows: 

Ti,j(-) = Ti t i+l ... Tj-2,j-l r j-l,j T j-2,j-l ■■■ U+l,i+2 Ti t i+l(.) 

so the word- length of over {t^+i : 1 < £} is < 2{j — i) — 1. 

For x = x\ . . . x m £ {0, \} m and f(x) = y = y\ . . . y n £ {0, l} n , we will construct a word Wf over 
the generators Tc 2 1 U {t^+i : 1 < i} of Cr2,ij such that Wf defines the map Wf(.) : Ox 1— ► /(x) x. 

The circuit C/ is partitioned into s^ces q (£ = 1, . . . , L). Two gates 51 and 52 are in the same slice 
iff the length of the longest path from g\ to any input port is the same as the length of the longest 
path from 52 to any input port. We assume that Cf is strictly layered, i.e., each gate in slice q only 
has in- wires coming from slice and out- wires going toward slice q+i, for all t. To make a circuit 
C strictly layered we need to add at most |C| 2 identity gates (see p. 52 in [7]). The input-output map 
of slice C£ has the form 

<*(.)= y M = Vt^-vt? e {0,1}— _> yW = yP.-.yg G {0,1}^. 
Then = x and y^ L ^ = y, where x £ {0, l} m is the input and y £ {0, l} n is the output of Cf. Each 
slice is a circuit of depth 1. 

Before studying in more detail how Cf is built from slices, let us see how a slice is built from gates 
(inductively, one gate at a time). 

Let C be a depth-1 circuit with k + 1 gates, obtained by adding one gate to a depth-1 circuit K 
with A; gates. Let K(.) : x% . . . x m 1 — ► y± ■ ■ - y n be the input-output map of the circuit K. Assume 
by induction that K is represented by a word Wk over the generating set Tg 2 1 U { T i,i+l • 1 < of 
G2,i. The input-output map of Wjf is, by induction hypothesis, 

wk{.) ■ Oxi ■■■x m 1 — > §y\...y n x\...x m . 
The word Wc that represents C over ^2,1 is obtained as follows from Wk] there are several cases, 
depending on the gate that is added to K to obtain C. 

Case 1: An identity-gate (or a not-gate) is added to K to form C, i.e., 

C(.) : Xi . . .x m x m+ i 1 — ► y\...y n Xm+i 

(or, C(.) : X\ . . . XmXmJj-i 1 ► y\ . . . y n x m +i ). 
Then Wc is given by 

w c : 0xix 2 • • .x m x m+ i h^-> 00xix 2 . . . x m x m+ i T f^ 3 00 x m+ i x 2 ■ ■ ■ x m x\ ^ 

X m -{-l X2 ■ ■ ■ X m X\ 1 > XfnJf-i U X1X2 • • • X m X m +i I > U X^X2 • • • X m X m s r \X m J r \ I > 

yi . . . y n xi . . . x m x m+ ix m+ i h^-> yj . . . y n x m+ i xi . . . x m x m+ i , 
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where 7r(.) = T m+ i^ m+2 • • • ^2,3 ti,2(-) shifts x m+ \ from position 1 to position m + 2, while shifting 

Oxi . . . X m One position to the left; and 7t'(.) = T m +2,m+3 ■ ■ ■ ' r n+m+l,n+m+2 Tn+m+2,n+m+3 

(.) shifts 

x m+ \ from position n + m + 3 to position n + 2, while shifting x± . . . x m one position to the right. 

So, Wc = 7r' Wft: 7T T3 jm+ 3 ^ v 7"3,m+3 c, noting that functions act on the left. Thus, \Wc\ = 
\Wk \ +m+n+5 if we use all of {r^j : 1 < i < j} in the generating set; over {r^j+i : 1 < i}, T3 jm+ 3 has 
length < 2m — 1, hence \Wc\ < 3m + n + 4. If we denote the maximum index in the transpositions 
occurring in Wc by Jq then we have Jq = max{ J^, n + m + 3}. 

In case a not-gate is added (instead of an identity gate), <^ v is replaced by </?-, </? v i n Wc, and the 
result is similar. 

Case 2: An and-gate (or an or-gate) is added to K to form C, i.e., 

C(.) : X\ . . . X m X rn+ iX rn+ 2 1 ► Vl ■ ■ - Vn ( x m+l A X m+2 ) 

(or, C(.) : xi . . . x m x m+ ix m+2 1 — ► J/i ■ ■ ■ y n {x m +i V x m+2 )). 
Then Wc is given by 

wc: 0xix 2 • • .x m x m+ ix m+ 2 i — ► 00xix 2 . . .x m x m+ ix m+2 1 — ► 1 — ► 

n n ^ A / A \ n r 2,m+3 T3,m+4 

0x m+ ix m+2 x 2 . . .x m 0xi i — ► (x m+ i Ax m+2 J x m+ ix m+2 x 2 ...x m 0xi i — > i — > 
(x m+ i A x m+2 ) Xix 2 . . . x m x m+ ix m+2 i — > xix 2 ...x m (x m+1 A x m+2 ) 

7r' 

yi ... y re xix 2 . . . x m (x m+ i A x m+2 ) x m+ ix m+2 i — > 

Oy 1 ...y n (x m+ i A x m+2 ) xix 2 . . . x m x m +ix m+2 , 
where 7r = r m+ i )m+2 ... r 2i 3 ri i2 shifts (x m +i Ax m+2 ) from position 1 to position m+2, while shifting 
0xix 2 . . . x m one position to the left; and tt' = T m+2 ,m+3 ■ ■ . T m+n+1 ^ m+n+2 shifts (x m+1 A x m+2 ) 
from position n + m + 2 to position m + 2, while shifting xi . . . x m one position to the right. 

So, = tt' W k tt T 3im , +4 T 2)m , +3 ^ A T 3im+4 T 2jm+3 u, hence |Wc| = \W K \ + n + m + 7 if all 
of {Tjj : 1 < i < j} is used in the generating set; over {r^j+i : 1 < z}, T3 jTra+ 4 and r 2im+ 3 have length 
< 2(m + 1) - 1, so \Wc\ < \W K \ + 5m + n + 9. Moreover, J c = max{ Jr-, m + n + 2}. 

Case 3: A fork-gate is added to K to form C, i.e., 

C(.) : xi . . .x m x m+ i i — ► yi . . .y n x m+1 x m +i- 
Then Wc is given by 

w c ■■ Oxix 2 . . .x m x m+ i 000xix 2 . . .x m x m+ i 00 x m+i xix 2 . . . x m ^ 

x m+ i0x m+ ixix 2 . . .x m 00x m+i xix 2 . . .x m x m+ i ^ x m+ i0x m+ ixix 2 . . . x m x m+ i ^ 

0xix 2 . . . x m x m+l x m+ ix m+ i Oyi . . .y n xix 2 . . . x m x m+ ix m+ ix m+ i 

Oyi . . . y n x m+ ix rn+ i xix 2 . . . x m x m+ i , 

where n = T m+ z,m+A ■ ■ ■ r i,2 fm+3,m.+4 • • • T3,4 shifts the two copies of x m+ \ at the left end from 
positions 1 and 3 to positions m + 3 and m + 4, while shifting to position 1 and shifting x\ . . . x m 
two positions to the left; and it' = T m+ 3 im , +4 . . . T m+n+2 , m+n +3 T m+2jm+3 . . . r m+n+ ^ m+n+2 shifts 
x m +ix m +i from positions m + n + 2 and m + n + 3 to positions m+2 and m + 3, while shifting 
xi . . . x m two positions to the right. 

So, Wc = it' Wk vt ip v ri im+4 ip v r 3im+ 4 a 2 , hence |Wc| = |Wk| + 2m + n + 10, if all of 
{fij : 1 < i < j} is used in the generating set; over {r^+i : 1 < i}, ri jm+ 4 has length < 2(m+3) — 1 and 
T3,m+4 has length < 2m — 1. Hence, \Wc\ < | + 6m+n+ 14. Moreover, Jc = max{J^, m+n+3}. 

In all cases, \Wc\ < |Wft-|+c-(m+n+l) (for some constant c > 1), and Jc < max{ Jk, n+m+3}. 
Thus, each slice eg, with input-output map q(.) : i — > is represented by a word W Ct with 
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map w Ce (.) : y^ ^ i — > QyW y^ *\ such that |W C J < c • (n 2 ^ + n 2 ) (for some constant c > 1), 
and J Ce < ne-i + n e + c. 

Regarding wire-crossings, we do not include them into other slices; we put the wire-crossings into 
pure wire-crossing slices. So we consider two kinds of slices: Slices entirely made of wire-crossings 
and identities, slices without any wire-crossings. Wire-crossings in circuits are identical to the group 
elements r^j+i. 

We now construct the word Wf from the words W Ce [l = 1, . . . ,L). First observe that since the 
map w Ce (-) is a right-ideal isomorphism (being an element of G^i), we not only have 

w ce (.): Oy^ OyWyW 
but also 

w ce (.): 0yV- 1 )yV- 2 )...y(. 1 )yW .— ► y W y V-l) y (l-2) _ . . y (l) y (0) _ 
Then, by concatenating all W Cf (and by recalling that y = y( L ) and x = y( )) we obtain 

^ w CL ^ 1 ... w C2 u/ Cl (.) : Ox i — ► Oyy^ 1 ) ... y( 2 ) yW x. 
Let 71-^ be the position permutation that shifts y right to the positions just right of x: 

kc s ■ Oyy^" 1 ) ... y^y^x i — ► 0y (i_1) ... y^y^xy. 
Observe that for (W CL _ 1 ... W C2 W Cl )~ x we have 

(tf CL _ 1 ... We, WcJ - ^.) : Oy^ 1 ) ... y( 2 )yWxy i — ► Oxy. 
Then we have: 

w c L w c L -i ■■■ w c 2 w c! v Cf (u> CjL _ 1 ... w C2 u; Cl ) _1 (.) : Ox i — ► Oxy . 
By using the position permutation 7r mjn : Oxy i — ► Oyx, we now see how to define Wf. 

W f = 7r m , n W CL W CL _, ... W C2 W C1 n Cf {W CL _, ... W C2 W Cl )-\ 

Then we have: 

Wf(.) : Ox i — ► Oyx, 

where y = /(x). 

Finally, we need to examine the length of the word Wf in terms of the size of the circuit Cf that 
computes / : {0, l} m {0, l} n . 

The position permutation 7r mjn shifts the n = \y\ letters of y to the left over the m = \x\ positions 
of x. So, TT m , n can be written as the product of nm transpositions in {r^j+i : 1 < i}, with maximum 
subscript J^ n < m + n + 1. 

The position permutation irc f shifts y to the right from positions in the interval [2, n + 1] within 
the string Oy y( L_1 ) . . . y( 2 ) yW x to positions in the interval [2 + J2i=o n *' ^ + S^=o n «] W1 thin 
the string 0y( L_1 ) ... y^y^xy. Note that Yli=o n i = (the size of the circuit C/), and 

= |y| = n, riQ = \x\ = m. We shift y starting with the right-most letters of y. This takes 
n ^2i=Q Hi = n (\Cf \ —n) transpositions in {r^j+i : 1 < i}, with maximum subscript Jir Cf = +2- 

We saw already that \W C( \ < c (w 2 _ 1 + nj), and J c< < n^_i + + c, for some constant c > 1. 

Note that Yli=o n i ^ (S^=o n *) 2 = l^/| 2 - Hence we have: |W/| < c Q |C/| 2 , for some constant 
c > 1. Moreover, the largest subscript in any transposition occurring in W/ is < |C/| + 2. 

Recall that we assumed that our circuit Cf was strictly layered, and that the circuit size has to be 
squared (at most) in order to make the circuit strictly layered. Thus, if Cf was originally not strictly 
layered, our bounds become \Wf\ < c \Cf\ 4 , and J\y f < | Cy | 2 -(- 2. □ 
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The next theorem gives a representation of a boolean permutation by an element of the Thompson 
group 6*2,1; the main point of the theorem is the polynomial bound on the word-length in terms of 
circuit size. 

Theorem 4.2 (Representation of permutations by the Thompson group). Let g : {0, l} m — ► 

{0, l} m be any permutation and let C g and C g -i be minimum- size circuits that compute g, respectively 
g^ 1 . Then there exists a word Wr gig -i\ over the generating set Tq 21 U {t^+i : 1 < i} 0/02,1, 
representing an element uii g>g -\\ G G^i such that: 

• For all x G Dom(g) and all y G Im(g): 

w (g,g- 1 )( 0x ) = 9 0), an d K^- 1 )) ^ ^) = ^(y), 

where (^(g.c/- 1 )) 1 £ ^2,1 ^ represented by the free- group inverse (W^g- 1 )) -1 of the word Wf g>g -iy 

• U7( flj5 -i)(.) and ( u '(g,9- 1 )) _1 stabilize both {0, 1}* and 1 {0, 1}* . 

• We have a length upper bound l^g.g- 1 )! = lO^fa.s -1 )) I — 0{\C g \ A + \C g -\\ A ). 

• The largest subscript of transpositions Ti^ + \ occurring in W( g g -i^ is < max{|C 9 | 2 , |C 9 -i| 2 } +2. 

Note that we distinguish between the word (over a generating set of G^i) and the element 

w (g,g~ 1 ) °^ ^ 2 > 1 represented by Also, note that although g is length-preserving (g G lpG2,i), 

w (g,g~ 1 ) ^ ^ 2 >l ^ s no ^ length-preserving. 

Proof. Consider the position permutation ir : Oyx 1 — ► Oxy, for all x,y G {0, l}" 1 ; we express 7r 
as a composition of < m 2 position transpositions of the form Tj.j+i. Let W g be the word constructed 
in Theorem 14. II for g, and let W g -i be the word constructed for g~ l . We define Wu g -\\ by 

W (g,g->) = (W^)- 1 W g . 

Then for all x G Dom(g) we have: w (g,g- 1 ) '■ ® x 1 — > On, where n = g(x). More precisely, for all 
x G domC(g), 

Ox — ^ g(x) x = 0nx ij/ = g^ 1 {y) — ► On = 

Since domC(a) is a maximal prefix code, wj( g , g -i) maps 0{0, 1}* into 0{0, 1}* (where defined). 

Similarly, for all y G Im(g) = Dom(a _1 ) we have: (^(g.g- 1 )) 1 : 0y 1 — * Ox, where x = g~ 1 (y), 
y = g(x). Since domC(g _1 ) is a maximal prefix code, ('^(g.g- 1 ))" 1 maps 0{0, 1}* into 0{0, 1}* (where 
defined). Hence, elements of 0{0, 1}* are never images of 1{0, 1}*. Thus, 1{0, 1}* is also stabilized 

b y w (g,g~ i ) and b y (^(s.s- 1 )) -1 - 

The length of the word is bounded as follows: We have \W g \ < c Q \C g \ 4 , and |(W ff -i) _1 | = 

l^^- 1 ! < c |C g -i| 4 , by Theorem 14.11 Moreover, tt can be expressed as the composition of < m 2 
(< |C 9 | 2 ) transpositions in {t^+i : 1 < i}. 

The bound on the subscripts also follows from Theorem 14.11 □ 

5 Distortion vs. computational asymmetry 

We show in this Section that the computational asymmetry function a(.) is polynomially related to a 
certain distortion of the group lpGi,\- 

By Theorem 14.21 f° r every element g G lpG2,\ there is an element G Gi % \ which agrees with 

g on 0{0, 1}*, and which stabilizes 0{0, 1}* and 1 {0, 1}*. The main property of Wr g>g -i) is that its 
length is polynomially bounded by the circuit sizes of g and g _1 ; that fact will be crucial later. First 
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we want to study how Wt g;g -i\ is related to g. Recall that we distinguish between the word W( gi9 -i\ 
(over a generating set of G^i) and the element iW( g , g -i) of G^i represented by W^g-iy 
Theorem 14.21 inspires the following concepts. 

Definition 5.1 Let G be a subgroup of G<i.\- For any prefix codes Pi,...,Pk C {0,1}*, the joint 
stabilizer (in G) of the right ideals Pi{0, 1}*, . . . , Pfc{0, 1}* is defined by 

Stab G (Pi,...,P fc ) = {g£G: g(Pi{0, 1}*) C P;{0, 1}* for every i = 1, ... ,k} . 
The fixator (in G) o/Pi{0,l}* is defined by 

Fixo(Pi) = {geG: g(x) = x for all x G Pi{0, 1}*)}. 
XTie fixator is also called "point-wise stabilizer". 

The following is an easy consequence of the definition: Fix G (Pj) is a subgroup of G (C G^i), for 
i = 1, . . . , k. If the prefix codes Pi, . . . , P& are such that the right ideals Pi{0, 1}*, . . . , Pt{0, 1}* are 
two-by-two disjoint, and such that P\ U . . . U P^ is a maximal prefix code, then Stab G (Pi, • • • , Pt) is 
closed under inverse. Hence in this case Stab G (Pi, • • • ,Pt) is a subgroup of G. 
In particular, we will consider the following groups: 

• The joint stabilizer of 0{0, 1}* and 1 {0, 1}*, 

Stab G (0,l) = {g£G: g(0{0, 1}*) C 0{0, 1}* and g(l {0, 1}*) C 1 {0, 1}*}. 

• The fixator of {0,1}*, 

Fix G (0) = {geG: g(x) = x for all x G {0, 1}*}. 

• The fixator of 1 {0,1}*, 

Fix G (l) = {g£G: g(x) = x for all x £ 1 {0, 1}*}. 

Clearly, Fix G (0) and Fix G (l) are subgroups of Stab G (0, 1). 

Lemma 5.2 (Self-embeddings of G2,i)- Let G be a subgroup of Gi,\- Then G is isomorphic to 
Fix G (l) and to Fix G (0) by the following isomorphisms: 

A : g € G 1 — ► (g) G Fix G (l) 

Ax : g € G ■— ► G Fix G (0) 

where (g)o and (g)\ defined as follows for any g G G^i-' 

n f0xG0{0,l}* 1 — > 0j(i) n f lxGl{0,l}* 1 — ► lg(i) 

I 1 x G 1 {0, 1}* 1 — ► lx : | Ox G {0, 1}* 1 — ► Ox 

Proof. It is straightforward to verify that Ao and Ai are injective homomorphisms. That Ao is onto 
Fix G (l) can be seen from the fact that every element of Fix G (l) has a table of the form 

Oxi . . . 0x n 1 
Oyi ... 0y n 1 



where {x%, . . . , x n } and {yi, . . . , y n } are two maximal prefix codes, and 
element of G. □ 



Xx . . . x fi 

Ul ■■■ Vr, 



is an arbitrary 



Lemma 5.3 Let G be a subgroup 0/G2 l- Then the direct product G xG is isomorphic to Stab G (0, 1) 
by the isomorphism 

A: (f,g) GGxG 1 ► (OxwO f(x), 1 g(x)) G Stab G (0,l). 
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Proof. It is straightforward to verify that A is a homomorphism. That A is onto Stab G (0, 1) and 
injective follows from the fact that every element of Stab G (0, 1) has a table of the form 



, x' n }, and {y[, . . . , y' n }, are maximal prefix codes, and 
are arbitrary elements of G (C G<i i). □ 



Lemmas 15.21 and 15.31 reveal certain self- similarity properties of the Thompson group G2,i- (Self- 
similarity of groups with total action on an infinite tree is an important subject, see [27]. However, 
the action of G^i is partial, so much of the known theory does not apply directly.) 
The stabilizer and the fixators above have some interesting properties. 

Lemma 5.4 . 

(1) Forallf,geG: (/)„ = (/)o 

(i.e., the commutator of Fix G (0) and Fix G (l) is the identity). 

(2) Fix G (0) • Fix G (l) = Stab G (0, 1) and Fix G (0) n Fix G (l) = 1, 

(3) Stab G (0, 1) is the internal direct product o/Fix G (0) and Fix G (l). 
(This is equivalent to the combination of (1) and (2).) 

(4) Forallf,geG: A(f,g) = A (f)-A 1 (g), A (/) = A(/, 1), and A^g) = A(l, g). 
Moreover, Fix G (0) = Ai(G), Fix G (l) = A (G), and Stab G (0,l) = A(G x G). 



Proof. The proof is a straightforward verification. 



□ 



Lemma 5.5 For every position transposition r^j, with 1 < % < j, we have 

( T i,j)o = 1~2j+l o r 3j+ iO (ri >2 )o ° 7"3,j+l ° 72,i+l- 

Hence, assuming (ti^q G r Ga 1; and abbreviating {tjj : < i < j} by r, we have: 



IK,-) 



j)0\r 



G 2 ,1 L 



< 5. 



Proof. Recall that for (11^)0 we have, by definition, (71^)0(1 w^) = lw, and (ti j2 )o(0 X2X3U)) = 
OX3X2W, for all w G {0,1}* and X2,x% G {0,1}. The proof of the Lemma is a straightforward 
verification. □ 



Now we arrive at the relation between ^(g,g-i) and g. 

Lemma 5.6 For all g G lpG2,i the following relation holds between g and ■' 

w (9,g-i) ■ (9)o 1 , (9)o 1 • w (g,g-i) G Fix /pC7 2 ,i (0) • 
Equivalently, 

{9)0 • Fix ZpG21 (0) = w^g-i) • Fix; pG21 (0) ? and 

Fix /pG 2 ,!(0) • (5)0 = Fbqp G21 (0) -w^-i) • 

Proof. By Theorem 14.21 we have w^ g g -i^(0 x) = g'(x) for all x G Dom(g). So, Wfg^- 1 ) and (g)o 
act in the same way on 0{0, 1}*. Also, both and (g)o map 0{0, 1}* into 0{0, 1}*, and both 

map 1 {0, 1}* into 1 {0, 1}*. The Lemma follows from this. □ 
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We abbreviate {ry : < i < j} by r. The element W( gg -ij of G^i, represented by the word 
Wfg t g-i\, belongs to Stab; p G 2 1 (0, 1) as we saw in Theorem 14.21 However, the word Wi g>g -\\ itself is a 
sequence over the generating set Tq 2 1 U t of G 2 ^\. Therefore, in order to follow the action of Wi g>g -i\ 
and of its prefixes we need to take Fix(O) as a subgroup of G 2 ^\. This leads us to the Schreier left 
coset graph of Fix Ga 1 (0) within G 2 \, over the generating set Tq 2 1 U t. By definition this Schreier 
graph has vertex set G 2) i/Fix G21 {0), i.e., the left cosets, of the form g ■ Fix G21 (0) with g G G 2j \. And 

it has directed edges of the form g • Fix Ga 1 (0) jg • Fix G2 ^ (0) for g G G 2> i, 7 G r G2 1 U r - Lemma 
15.61 implies that for all (7 G lpG 2t ±, 

(5)0 • Fix G21 (0) = • Fix G21 (0). 

We assume that r Ga 1 = I 1 ^ i , so the Schreier graph is symmetric, and hence it has a distance function 
based on path length; we denote this distance by 

d G/F {.,.): G 2il /Fix G21 (0)xG 2)1 /Fix G21 (0) — » N. 

Lemma 5.7 There are injective morphisms 

gelpG 2 ,i ^ g G G 2 ,i (5)0 G Fix Ga x (1) (5)0 • Fix Gz x (0) G Stab G21 (0, l)/Fix G2 a (0), 

and an inclusion map 

(g) - Fix G21 (0) G Stab G21 (0,l)/Fix G21 (0) ( 5 ) ■ Fix Ga x (0) G G 2 ,i/Fix G21 (0). 

In particular, 

g£G 2 ,i ' — ► (5)0 • Fix G21 (0) G G 2) i/Fix G21 (0) 
is an embedding of G 2) \, as a set, into the vertex set G 2> \/F\x G2 1 (0) of the Schreier graph. 

Proof. Recall that the map Ao : g G G 2 ,i 1 — * (g)o G Fix Gai (l) is a bijective morphism (Lemma 
I5.2p . Also, the map u G Fix Gai (l) 1 — ► u ■ Fix Gai (0) G G 2 ,i/Fix G2 1 (0) is injective; indeed, if 
u ■ Fix G2 1 (0) = v • FiX(3 2 1 (0) with u,v E Fix Ga 1 (1) then v~ 1 u G Fix Gai (0) Pi Fix G21 (l) = {1}. 

The map g G G^i 1 — > (5)0 • Fix Gai (0) G Stab Ga 1 (0, l)/Fix Ga 1 (0) is a surjective group 
homomorphism since Fix Ga 1 (0) is a normal subgroup of Stab Ga A (0, 1). Since Fix Ga A (0)nFix G (l) = {1}, 
this homomorphism is injective from Fix Ga onto Stab Ga 1 (0, l)/Fix Ga 1 (0). 

The combination of these maps provides an isomorphism from G%\ onto Stab Ga 1 (0, l)/Fix G2 1 (0). 
Hence we also have an embedding of G 2) i, as a set, into the vertex set G f 2,i/Fix G2 1 (0) of the Schreier 
graph. □ 

Since by Lemma [5.71 we can consider G 2j i as a subset of the vertex set G2,i/Fix G2 1 (0) of the 
Schreier graph, the path-distance d G /p(.,.) on G 2 ,i/Fix G2 ^(0) leads to a distance on G^i, inherited 
from d G/F (., .) : 

Definition 5.8 For all g, g' G G^i the Schreier graph distance inherited by G^i is 
D(g,g') = d G/F ((g) -F\x G21 (0), (g') ■ Fix^ (0)) . 

The comparison of the Schreier graph distance D(.,.) on lpG 2) \ with the word-length that lpG 2t i 
inherits from its embedding into lepM 2) \ leads to the following distortion of lpG 2 ,\- 

Definition 5.9 In lpG 2t i we consider the distortion 

A(ra) = max{Z>(l,g) : \g\i ep M 2 ,i < n, g G lpG 2>1 }. 

We now state and prove the main theorem relating A(.) and a. Recall that a(.) is the computational 
asymmetry function of boolean permutations, defined in terms of circuit size. 
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Theorem 5.10 (Computational asymmetry vs. distortion). The computational asymmetry 
function a{.) and the distortion A(.) of /pG^i are polynomially related. More precisely, for alln £ N : 

(a(n)) 1 ^ 2 < d • A(n) < c n 4 + c ■ (a(cn)^ 
where c > d > 1 are constants. 

Proof. The Theorem follows immediately from Lemmas 15.111 and 15.121 □ 

Lemma 5.11. There is a constant c > 1 such that for all n £ N : A(n) < c n 4 + c • (a(cn)) 4 . 

Proof. By Lemma 15. 6| (g)o • Fix Ga j:L (0) = u)( g 9 -i) • Fix Ga i (0), hence 

d(Fix G21 (0), (g) • Fix G21 (0)) = d(Fix G21 (0), W( g>g -iy Fix G21 (0)). 
Since the word and the Schreier graph use the same generating set, namely r Ga 1 U r, we have 

4 Fix G 2 ,i(0), Wig^- 1 ) ■ Fix G2,i(°)) < I^Cs.s- 1 )!- 
By Theorem 14.21 |W( Slff -i)| < 0(|C 9 | 4 + |C 9 -i| 4 ). And by the definition of the computational 
asymmetry function, |C ff -i| <a(\C g \). Hence 

d(Fix GM (0), ( 5 ) -Fix G2:1 (0)) < 0(|C 9 | 4 + |C 9 -i| 4 ) < 0(|C 9 | 4 + a(|C 9 |) 4 ). 
By Proposition 12.41 \C g \ = 0(\g\i ep M 21 )- Hence, for some constants c",d > 1, 

d(Fix G21 (0), (g) ■ Fix Gai (0)) < d ■ \g\j epM21 + d ■ a(c" ■ \g\i ep M 2 ,i) 4 - 
Thus, 

max{d(Fix G21 (0), (g) • Fix Ga x (0)) : \g\i ep M 2il < n, g e lpG 2) i} < d n 4 + d a(d' n) 4 . 
By Definition 15.91 of the distortion function A we have therefore 

A(n) < dn A + d a(d' nf . 
This proves the Lemma. □ 

Lemma 5.12 There is a constant c > 1 such that for all n £ N : a(n) < c • A(cn) 2 . 
Proof. We first prove the following. 

Claim: For every g £ /pG^i, the inverse permutation g^ 1 can be computed by a circuit C g -i of size 
|C 9 -i| < c- <i(Fix G2 a (0), (g)o • Fix Ga j (0)) 2 , for some constant c > 1. 

Proof of the Claim: There is a word W of length \W'\ = d(Fix Ga A (0), (g)o ■ Fix Ga a (0)) over r Gaa U r 
that labels a shortest path from Fix G2 a (0) to (<7)o"Fix G2 a (0) in the Schreier graph of G2,i/Fix G2 ^ (0). Let 
W = iW') -1 (the free-group inverse of W), so \W\ = \W'\. Let w be the element of G^i represented 
by W. Then W labels a shortest path from Fix Gai (0) to (g~ 1 )o • Fix Gai (0) in the Schreier graph of 
f?2,i/Fix G2 1 (0); this path has length \W\ = \ W'\ = d(Fix Ga 1 (0), (g)o ■ Fix Gai (0)) = d(Fix Gai (0), 
(</ V Fix,;, ,!();). 

We have w ■ Fix Ga ^(0) = (g~ 1 )o • Fix Ga ^(0), thus for all x £ {0, 1}* : w(0x) = We now 

take the word VWU over the generating set Tm 2 l U t of the monoid M21, where we choose the words 
U and V to be U = (and, not, fork, fork), and V = (or). The functions and, not, fork, or were defined 
in Subsection 1.1. Then for all x = x\ . . . x n £ {0, 1}*, with x±, . . . , x n £ {0, 1}, we have 

fork fork not and „ „ 

X 1 . • • Xyi ^ X \ X ]_ . • • Xfi ^ ^ X J 3^ ]_ 37 ~\_ . . . X ^ vJ 3/ ]_ . . . X yi — U 37 

— ► g L (x) — > g \x). 
The last or combines and the first bit of g~ 1 (x), and this makes disappear. Thus overall, 
VWU(x) = g' 1 ^). The length is \VWU\ = \W\ + 5. 
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Since g 1 G lpG 2 \ C lepM2i, Theorem 12.91 implies that there exists a word Z over the generators 
Ti ep M 2 1 U r of lepM2,\ such that 

(1) |Z| < ci • |yp^C/| 2 , for some constant ci > 1, and 

(2) Z represents the same element of lepM 2 ,i as VWU, namely g^ 1 . 

Moreover, by Prop. 12.41 the word Z can be transformed into a circuit of size < c 2 • \Z\ (for some 
constant c 2 > 1). This proves that there is a circuit C g -i for g^ 1 of size |C„— r | < c • \W\ 2 (for 
some constant c > 1). Since we saw that \W\ = d G j F {V\x G2 1 (0), (5)0 • Fixc 2 1 (0)), the Claim follows. 
[End, Proof of the Claim.] 

By definition, D(l,g) = d G / F (F\x G21 (0), (g)o ■ Fix(j 21 (0)). Hence, by the Claim above: 
|C 9 -i|<c-( J D(l, 5 )) 2 . 

By Prop. [23] the word-length in ZepM 2j i and the circuit size are linearly related; hence \g\i ep M 21 < 
Co |C S |, for some constant Co > 1. Therefore, 

a(n) = max{|C s -i| : \C g \ < n, g G ZpG 2; i} 

< max{|C 9 -i| : \g\i ep M 2tl < c n, g £ lpG 2 ,i} 

< max{c- (D(l,g)) 2 : \g\i ep M 2 ,i < c n, g G ZpG 2 ,i} 

< c-(A(c n)) 2 . 

This proves the Lemma. □ 

6 Other bounds and distortions 

6.1 Other distortions in the Thompson groups and monoids 

The next proposition gives more upper bounds on the computational asymmetry function a. 

Proposition 6.1. Assume T lepG21 C Ti epM21 CT M21 . Let 5 lpG> i epM = S[ |.|r Jl)G u-r, l-|r icpM2 x ut] 
be the distortion function of lpG 2) \ in the Thompson monoid lepMix, based on word-length. Similarly, 
let &ipG,M = ^[l-|r ipG utj l-|r M2lUr ] be the distortion function of IpG '2,1 in the Thompson monoid 
M2 i- Then for some constant c > 1 and for all n G N, 

afa) < c- 5[ pGt [ epM (cn) < c ■ 5 lpGtM (cn). 

Proof. We first prove that d~i p G,iepM( n ) < o~ipG,M( n )- Recall that by definition, o~i p G,iepM{ n ) = 
max{|5| /pG21 : 5 G ZpG^.i, MtepMa.i < »}> and similarly for Si pGjM (n). Since r kpM21 C r A f 21 we 
have l^liepAfa,! < Mm 2i i- Hence, {\g\i p G 2tl ■ 9 G /pG 2 ,i, Mz e pM 2 ,i < ™} ^ {bl/ P G 2 ,i : 9 G ^2,1, 
b|M 2 .i < n }- By taking max over each of these two sets it follows that 6i p G,lepM fa) < o~i P G,M( n )- 

Next we prove that afa) < c-5i pG) i ep M{cn). For any 5 G lpG2,\ wehaveC(g _1 ) < 0{\g~ 1 \i ep M 2 . 1 ), 
by Prop. [3T21 Moreover, |<? _1 |; e pM 2 i — I <? 1 1 ZpG 2 1 since lpG2,\ is a subgroup of lepM 2> i, and since the 
generating set used for lpGi,\ (including all Tjj) is a subset of the generating set used for £epM 2 ,i. F° r 
any group with generating set closed under inverse we have |g -1 |G = \g\c- And by the definition of 
the distortion 5i pGt i epM we have \g\i p G 2 ,i < $lpG,lepM{\g\lepM 2A )- An d again, by Prop.E21 \g\le P M 2A < 
0(C(g)). Putting all this together we have 

C{g~ l ) < ci • \g~ l \i ep M 2) i < ci • |<7~ hpG s ,i = c\ • b|;pG 2 ,i 

< Ci • <5i p G,iepM(|5'|iepM 2 ,i) < Ci • Si p G,l e pM(c2 C(g)). 
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Thus, ci • 5i p c,iepM(c2 C{g)) is an upper bound on C(g 1 ). Since, by definition, a(C(g)) is the smallest 
upper bound on C(g^ 1 ), it follows that a(C(g)) < c\ ■ d~i p G,iepM(c 2 C{g)). □ 

Recall that in the definition 15.91 of the distortion A we compared D(.,.) with the word- length in 
lepM 2j \. If, instead, we compare D(., .) with the word-length in M 2% i we obtain the following distortion 
of lpG 2 ,i : 

S(n) = max{D(l,g) : \g\M 2A < n, g E lpG 2 ,i}. 

Proposition 6.2 The distortion functions A(.) and 5(.) are polynomially related. More precisely, 
there are constants c',c±,c 2 > 1 such that for all n G N: A(n) < c\ 6(n) < c 2 A(c'n 2 ). 

Proof. Let's assume first that Ti ep M 2 x Q Tm 2 i i from which it follows that |#|m 2 ,i < Is|m 2 ,i • Therefore, 
{D{l,g) : bliepM 2 ,i < n} C {L>(1,#) : Mm 2)1 < «}■ Hence, A(n) < £(n). 

By Theorem EH |ff|fepjtf 2il < c '\9\m 2A - So ) {^(^f) : blM 2j a < n} C {Z)(l,p) : |ff|jepAf 2 ,i < cn2 }- 
Hence, 5(n) < A(cn 2 ). 

When we do not have Ti ep M 2 1 ^ r^j, the constants in the theorem change, but the statement 
remains the same. □ 

6.2 Monotone boolean functions and distortion 

On {0, 1}* we can define the product order, also called "bit-wise order". It is a partial order (and in 
fact, a lattice order), denoted by and defined as follows. First, 0^1; next, for any u, v G {0, 1}* 
we have u < v iff \u\ = \v\ and U{ -< Vi for all i = 1, . . . , \u\, where Ui (or Vi) denotes the ith bit of u 
(respectively v). 

By definition, a partial function / : {0, 1}* — > {0, 1}* is monotone (also called "product-order 
preserving") iff for all u, v £ Dom(/) : u <v implies f(u) ^ f(v). 

The following fact is well known (see e.g., [43j Section 4.5): A function / : {0, l} m — * {0, l} n is 
monotone iff / can be computed by a combinational circuit that only uses gates of type and, or, fork, 
and wire-swappings; i.e., not is absent. A circuit of this restricted type is called a monotone circuit. 

Razborov [30 J proved super-polynomial lower bounds for the size of monotone circuits that solve the 
clique problem, and in [31] he proved super-polynomial lower bounds for the size of monotone circuits 
that solve the perfect matching problem for bipartite graphs; the latter problem is in P. Tardos [37] . 
based on work by Alon and Boppana [I], gave an exponential lower bound for the size of monotone 
circuits that solve a problem in P; see also |42j (Chapter 14 by Boppana and Sipser). Thus, there exist 
problems that can be solved by polynomial-size circuits but for which monotone circuits must have 
exponential size. In particular (for some constants b > l,c > 0), there are infinitely many monotone 
functions f n : {0, l} n — > {0, l} n such that f n has a combinational circuit of size < n c , but f n has no 
monotone circuit of size < b n . 

Based on an alphabet A = {a±, . . . , a^} with a\ -< a 2 -< ... -< we define a partial function 
/ : A* — > A* to be monotone iff / preserves the product order of A*. The monotone functions enable 
us to define the following submonoid of the Thompson-Higman monoid lepM^i : 

monMk^i = {<p € lepM^^i ■ (p can be represented by a monotone function P — > Q, 

where P and Q are prefix codes, with P maximal }. 

An essential extension or restriction of an element of monMk t i is again in monMk i, so this set is 
well-defined as a subset of lepM^ \. It is easily seen to be closed under composition, so monM^^ is a 
submonoid of lepM^i. 
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We saw that all monotone finite functions have circuits made from gates of type and, or, fork. 
Hence monMn has the following generating set: 

{and, or, fork} U {t^ j : j > i > 1}. 

The results about monotone circuit size imply the following distortion result. Again, "exponential" 
refers to a function with a lower bound of the form n £ N i — ► exp(v / d n), for some constants d > 
and c > 1. 

Proposition 6.3 Consider the monoid monMix over the generating set {and, or, fork} U {t^j : j > 
i > 1}, and the monoid lepMi^x over the generating set Ti ep M 2 1 U {Tij : j > i> 1}, where Ti ep M 2 1 is 
finite. Then monM2 ) \ has exponential word-length distortion in lepM^x- 

Proof. Let T mon = {and, or, fork}. By Prop. \2Al we have \f\r iepM ut = |C/|> where \Cf\ denotes the 
ordinary circuit size of /. By a similar argument we obtain: |/|r mo „UT = \monCf\, where \monCf\ 
denotes the monotone circuit size of /. We saw that as a consequence of the work of Razborov, Alon, 
Boppana, and Tardos, there exists an infinite set of monotone functions that have polynomial-size 
circuits but whose monotone circuit-size is exponential. The exponential distortion follows. □ 

Since lepMix has quadratic distortion in M21, monM%^_ also has exponential word-length distor- 
tion in Mi \. 
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